Ransomware Attacks a Concern for Contractors
Controls on AI and Email Use Urged
Insurance experts say that cyber resilience is critical for contractors, especially with the resurgence of ransomware attacks, as hackers get better at exploiting weaknesses in artificial intelligence.
Ransomware attacks are the most common cyber threat Canadians face. Cybercriminals use malicious software to encrypt, steal or delete data and then demand a ransom payment to restore it.
Multifactor authentication, employee cyber training, and incident response plans are among the controls that contractors should put in place, experts said during a session at the recent IRMI Construction Risk Conference.
Contractors should also review their reliance on vendors, sub-contractors, and third parties and use contracts as a way to mitigate cyber risks, they said.
Ransomware attacks are huge and not going away, according to insurance sources. The Toronto Public Library was attacked this month (November 2023), which led to a service disruption of several weeks. Small companies are also targeted, such as a family dentist who faced a $165,000 extortion demand.
‘Not a week goes by when one of our clients does not call us and say, “I think we’ve got a ransomware attack,”’ one insurance industry expert said.
‘Five or six years ago, threat actors were demanding ransoms of around $20,000 USD, whereas today’s demands are, on average, in the millions range’, Michelle Chia, from Zurich North America, said. ‘Typically, it’s in the $5 million range, but for large or medium organizations, the ransom demands get up to $70 or $100 million’. Talk about inflation!
Whether to pay a ransom demand is a business decision that organizations need to be prepared to make. ‘Businesses need to consider whether they are going to be able to get a backup running and how much that is going to cost in terms of business interruption’, Ms. Chia said.
Large companies such as MGM Resorts International and Caesars Entertainment Inc. are not the only ones getting hit by ransomware attacks. ‘Middle-market companies are being hit all the time,’ according to Tara Albin from Willis Towers Watson PLC.
It is essential to have an incident response plan and ensure everybody knows what they can and cannot do using company infrastructure. Cyber insurance policies give businesses access to extra services provided by insurers that can help normalize operations.
For artificial intelligence, companies are advised to have an employee usage policy in place so everybody knows what cyber protocols are allowed.
For example, an unaware employee might use ChatGPT to find an answer or to do something more efficiently, and the content they post can put the company at risk and raise serious privacy concerns.
‘Hackers are already exploiting AI for voice records so they can mimic the voice of a CFO to carry out social engineering attacks such as fraudulent wire transfers.’
‘Publicly available AI that employees shouldn’t be using to do their particular job is being deployed by some organizations’, Ms. Chia said. She said a recent case where an attorney used ChatGPT to write some of his briefs led to him being disbarred.
Having an AI policy that dictates when and what queries employees can use with AI is essential.
Consult your insurance provider to better understand the risks of cyber attacks and the best practices used to protect your operations.
Source: businessinsurance.com
For more information to educate and protect your Canadian company, visit: https://www.cyber.gc.ca/en/guidance/ransomware-playbook-itsm00099