The Australian Cyber Security Centre (ACSC) has reported a growing trend of cybercriminals attacking building and construction companies and has now labelled this as a MEDIUM alert.
According to the ACSC, there has been a particular increase in Business Email Compromise (BEC) scams, which essentially consist of fraudulent emails sent by cybercriminals posing as legitimate businesses.
For example, X Construction Company may receive a fake email from someone pretending to be their supplier. This fake email may state that the supplier's banking details have changed and ask X Construction Company to send new payments to the nominated account. At first glance, this fake email may appear completely legitimate.
The Australian Financial Review has suggested, based on research, that the construction industry, which is one of the least digitised industries, has fallen victim to more cyber attacks as it catches up to the cyber economy.
Contributing to this is the fact that the construction industry revolves around project-based payments that include parties that have not worked with each other before.
How to mitigate risks of cyber attacks
As well as suggesting businesses be vigilant with emails and invoicing, the ACSC suggests the following mitigation strategies:
- Verify payment-related requests: If you receive a request to make a large transfer or to change bank account details, you should verify that the request is legitimate before actioning it. Call the sender’s established phone number or visit them face-to-face before transferring any funds.
- Secure your email account: It is recommended that construction companies and related businesses use strong passphrases and enable multi-factor authentication on their email accounts.
- Training and awareness: Ensure that your staff are trained to recognise suspicious emails, including fraudulent bank account changes or requests to check or confirm login details. The latter may be a phishing attack which could compromise account security.
We recommend that our clients and other business owners reading this article take this seriously. As our reports on JBS paying $11.4 million to resolve a cyber attack, the Nine Network being hacked and Levitas Capital losing $8.7 million from a fake Zoom call show, no business, no matter the size or level of security, is immune to these risks.
As no one security system can be 100% foolproof, Cyber Insurance is a cost-effective way to provide you with protection against the potentially significant financial impact of cyber attacks. Please don’t hesitate to contact us if you would like to discuss your Cyber Insurance options, or would like a comparative quote against your current insurance premiums.
This article was written by Tony Venning, Managing Director at Crucial Insurance and Risk Advisors.