IoT Devices on Construction Sites Create Cyber Risks
PREDICTIONS FOR 2021: PART FOUR
WHY THIS MATTERS
We are seeing exponential growth in the use of Internet of Things (IoT) devices in all industries and by consumers.
Juniper’s latest research, The Internet of Things: Consumer, Industrial & Public Services 2016-2021, found that:
- IoT connected devices will triple by 2021, reaching over 46 billion units.
- Industrial and public services will post the highest growth over the forecast period, averaging over 24% annually.
A new report by Allied Market Research found global IoT in construction generated $8.2 billion in 2019, and is expected to generate $19.0 billion by 2027, with a compound annual growth rate of 14.0 % from 2020 to 2027.
Construction companies must maintain operational resilience even after a cyberattack. Will your company have the required funding to respond to a cyber incident or will your operations be interrupted?
Your investment in robust Stand-Alone Cyber Insurance will help you bear the financial burden of a cyber loss.
Balancing Convenience and Risk
Construction companies of all sizes consider balancing the benefits of IoT devices and BYOD – convenience, improved communication, and increased productivity -- against the increased cyber or privacy risk.
Those companies with a BYOD cybersecurity policy rely on their IT experts to ensure that employees who take the personal de¬vice route follow all security protocols.
During the COVID-19 Pandemic, organizations are exploring BYOD from a new perspective – remote work environments.
As more employers allow their teams to use one smartphone rather than two, the commingling of emails and data could be a cyber threat if the user becomes distracted.
Balancing the ease of use and productivity from BYOD with cyber threats will remain an ongoing dilemma in 2021.
Cybersecurity in the BYOD World
As reported by dark reading, cybercriminals are on the hunt to target the ever-expanding attack surface. Smartphones have become the primary personal IoT device used by employees. These devices may be used for work and personal purposes in multiple locations and remain connected to the internet and an employer's network all day, every day.
Notably, emails appear differently on Microsoft Outlook on a desktop versus on a smartphone. Hackers can optimize the subject line and /from bars making it easier to succeed with spoof or phishing emails containing malicious code in links or attachments.
As with traditional attacks on the network, the BYOD attack lifecycle begins with the first stages of reconnaissance and exploitation. Once bad actors can compromise a device, they can extract critical data and then move laterally – to ransomware attacks, some combined with data leaks (aka double extortion), and business email compromise (BEC).
Construction companies hold critical data about clients, project plans, bids, contracts, and financing. Employees may be sending confidential information over insecure channels. Thus, cybersecurity awareness and mobile device management (MDM) need to be a part of your BYOD plan.
The security capabilities at the core of each of the work and personal environments are essentially similar, according to Justin Somaini, Malwarebytes board member and former CISO at SAP and Yahoo. Still, solutions that bridge the gap between the consumer and corporate environments provide a more holistic view.
The more mature, security-minded organizations are using a model that will likely guide many organizations as they develop their BYOD policies. "These companies are driving security into the services that they are allowing for those consumer devices and providing free or corporate-owned security capabilities on those devices," Somaini told Dark Reading.
Staying a step ahead of the adversary is essential. Organizations relying on mobile devices need the visibility that comes from the consumer products coupled with the intelligence and security available in the corporate environment.
More Use Cases in More Industries in 2021
The use of IoT devices is predicted to grow in 2021. If you enjoy using acronyms, this trend will bring you some satisfaction.
According to Forbes, the Industrial Internet of Things (IIoT), which began with the programmable logic controller in the late 1960s, will expand to
- Healthcare apps (aka the Internet of Medical Things (IoMT)) that allow doctors to monitor patients' well-being remotely and in-home health apps that allow people to check heart rates from home.
- The IoRT (Internet of Retail Things)
- The IoLT (Internet of Logistics Things), and
- The IoWM (Internet of Workforce Management).
The IoT means big money for many industries as they know what, where, and when we buy something. At the same time, the IoT means big money for hackers. Finding the right balance to protect your financial results is vital.
We discussed construction IoT risks more extensively in our previous article.
The Cyber Solution: Stand-Alone Cyber Insurance
Your construction company can survive disruption to your IoT devices and systems that impact your business operations with the help of Stand-Alone Cyber Insurance. Be sure to review any exclusions regarding remote work or personal devices with your cyber insurance broker.
Examples of protecting your bottom line:
- If you suffer a data breach, your business will need to stop the breach, conduct a forensic investigation, notify all those impacted, recover or restore your data, use public relations to maintain your brand, and possibly defend third-party liability claims or lawsuits for damages by injured parties.
- If you suffer a ransomware attack, you can obtain support in negotiating the ransom demand and be compensated for the ransom payment (made with the insurer's prior written consent).
- If you experience business interruption from a cyberattack, you can be compensated for lost profits, and extra expenses such as payroll, during the downtime (after a brief waiting period).
If you experience funds transfer fraud, you can obtain support in recouping some of the funds and compensation for the funds that are not recovered.
- If you are looking for support in our employee training tools and programs, such as phishing emails awareness training.
Stand-Alone Cyber Insurance is an integral part of your cyber risk management planning. You need not go it alone when looking to reduce the financial loss from a cyberattack.
- Construction companies are taking advantage of the benefits of IoT tech. At the same time, they are attracting cybercriminals who target vulnerabilities to pursue and steal valuable data.
- Cyberattack vectors are ever-evolving, dynamic, and varied – which allows hackers to bypass current cybersecurity defenses. Once a BYOD device is hacked, stolen, or lost, the thieves are inside the door.
- Construction companies are susceptible to cyberattacks, even with cybersecurity measures and BYOD policies in place. Human error can and does override cybersecurity measures on job sites and in the office or remote environment.
- You need to invest in a comprehensive Stand-Alone Cyber Insurance policy with explicit, affirmative cyber coverage.
- You need a specialist cyber insurance broker like Cyber Armada Insurance with a network of specialist cyber insurance carriers to obtain the most appropriate cyber coverage for your needs.
Reach out to Cyber Armada Insurance to assist you with your Stand-Alone Cyber Insurance needs. We understand the evolving cyber risks and the importance of your investment in appropriate cyber insurance.
Contact Cyber Armada today to explore how your company can solve potential financial losses from a cyberattack. Contact us at 888.727.6232.