Navigating your continuously connected life

If you used the internet last Friday, chances are you experienced a few problems. Twitter, PayPal, Spotify, Netflix and AirBnB were just a few of the major websites struggling throughout the day. News sites across the country, including The New York Times and The Wall Street Journal, had trouble, too. This was the result of a distributed denial of service (DDoS) attack, a brand of malicious hacking that the cyber security industry knows well.

A typical DDoS attack involves a hacker or hackers using malicious software to infect thousands of computers. They then control those infected machines to coordinate an attack, overwhelming a website with too much traffic until it crashes. Friday’s DDoS attack was more complex and more powerful.

First, the hackers didn’t use a mere “botnet” of infected computers. They used millions of infected webcams, closed-circuit TV cameras, DVRs, routers… the so-called Internet of Things.

As NPR technology reporter Alina Selyukh explains:

“We’ve all been buying these new things, connecting them to Wi-Fi. Internet wonks will call this the internet of things. Experts have been warning that these things are never secure. This is the most visible example so far of what happens when hackers hijack a tremendous number of them.”

The other thing that set this attack apart was the target. Certainly, the major companies affected by the rolling attack throughout the day were targets, but it does not appear that any one of their websites was hit individually. Instead, the hackers targeted a company called Dyn.

“[I]t is the kind of company that sits between you and a website that you’re trying to access. When you type in a web address, it makes sure that you land exactly where you intended,” Selyukh told NPR. “And Dyn’s clients are some of the most popular websites and services out there.”

Friday’s events prove that technological innovation often advances faster than technology security. We’re all vulnerable when that happens.

National Cyber Security Awareness Month

October is National Cyber Security Awareness Month (NCSAM), an initiative created to bring awareness to issues like this one, and to encourage collaboration between government and industry to serve the American public. As part of the annual campaign, Stay Safe Online offers a collection of resources to educate and assist you in shoring up your own cybersecurity. These are useful both personally and professionally, so we hope you’ll check them out.

And for those interested in insuring against potential losses due to cyber risks, many top-tier professional liability insurance carriers also offer cyber liability insurance for design professionals. Here are just a few:

PUA Cyber Liability Insurance

RLI Cyber Liability Insurance

Travelers Cyber Liability Insurance

Victor O. Schinnerer Cyber Liability Insurance

Keep those passwords strong!

Are Hackers a Threat to My Design Firm?

Hackers make headlines daily with targets ranging from major Swiss banks to Minecraft users to German nuclear power plants. But what are the risks to architects and engineers?

Professional Liability carrier Victor O. Schinnerer urges design professionals to Take Cyber Liability Exposures Seriously in a recent blog post:

Cyber liability problems that have disrupted firm operations often are based on one of three vectors:

— insiders who are dissatisfied or recognize their ability to tap firm assets and use that access for harm or personal profit;

— past employees who either take digital assets with them or, to enact revenge against their former employers, corrupt firm systems and information; and

— hackers who know that confidential project data is vulnerable and hold digital information hostage until a ransom is paid.

Hackers Can Wreak Havoc on a Firm

Although internal threats cause many cyber liability breaches, a malicious outsider is one of the greatest fears of professional services firms. A hacker could cause data inaccessibility through alteration or destruction. A firm would lose intellectual property and no longer be able to meet contract objectives and deadlines. Attackers who gain access to a firm’s data can encrypt it using ransomware and extort payment to regain access to information. Firms that do not properly preserve digital assets through robust backup systems often have no alternative but to pay the ransom.

Construction projects today are increasingly dependent on digital technology. The adoption of BIM and the increasing use of digital technologies in designing, constructing, and operating buildings and infrastructure are transforming the way the industry works. The concept of collaborative work through the sharing and use of detailed models and large amounts of digital information requires that parties be aware of vulnerability issues and take appropriate control measures. Improper access controls could lead to an attack severely disrupting progress on a project, causing delays or remedial work that could lead to significant claims from owners, lenders, or other stakeholders. And if confidential information on the structure or systems of projects is accessed by unauthorized parties, the safety of the owners and users of the buildings or infrastructure could be put at risk.

It is possible to insure against these vulnerabilities. Schinnerer’s Cyber Protection Package is one example of such coverage. Here are a few others:

Give your local a/e ProNet broker a call to discuss your options today.

Design firms may not seem like prime targets for hackers, many of whom are after sensitive, personal information, etc., but this assumption can be dangerous for architects and engineers. Intellectual property must be kept secure, and the threat can come from outside hackers, as well as from employees.

As detailed in Schinnerer’s most recent issue of Constructive Comments, “(t)he Federal Trade Commission (FTC) has developed cyber security principles in its Start with Security: A Guide for Business. The publication’s guidance is based on the FTC’s data security settlements. Lessons from more than 50 FTC cases show how companies can improve their cyber security practices.”

The guide breaks the strategy down into the following ten steps:

1. Start with security.

2. Control access to data responsibly.

3. Require secure passwords and authentication.

4. Store sensitive personal information securely and protect it during transmission.

5. Segment your network and monitor who’s trying to get in and out.

6. Secure remote access to your network.

7. Apply sound security practices when developing new products.

8. Make sure your service providers implement reasonable security measures.

9. Put procedures in place to keep your security current and address vulnerabilities that may arise.

10. Secure paper, physical media, and devices.

Access the PDF version of Start with Security: A Guide for Business here.