9-1-1 for Cybercrime in the Construction Industry

  

Daniel Parziale and the Beckage team are there to help when it counts most. He doesn’t answer calls for fires, heart attacks, or bank robberies, but he does for companies victimized by cybercrime.

Parziale earned his law degree from Rutgers in 2017 where he learned as much as he could about the cyber world’s legal and regulatory framework. Now he is a Certified Information Privacy Professional on the incident response team for Beckage, a law firm that helps companies respond to and defend against cyberattacks.

Parziale swings into action by assembling a team of experts to assist in the forensics and remediation process after a company has suffered a data incident or ransomware event. Once a forensic investigation is complete, the Beckage team helps companies meet their notification obligation under applicable data breach notification laws. This can include notifying affected individuals, government regulatory entities, and even other businesses.

Ransomware Events and Wire Transfer Fraud

Parziale notes that two major forms of cyber risk the construction industry faces are ransomware events and wire transfer fraud. A ransomware event consists of an individual, known as a threat actor, gaining access to a company’s computer systems and encrypting the data. The threat actor will then attempt to have the company pay for a decryption key to decrypt the data. In an August 1 editorial, The New York Times called ransomware “the major cyber problem of our time.”

Construction companies often operate under time and personnel constraints, making them targets for the gangs that perpetrate ransomware attacks, Parziale says. These infiltrations can result in shutdown of businesses for weeks or even months. The critical nature of construction contractors’ work can mean that they are more eager to pay ransom demanded for release of the company’s data in order to resume operations and get their people back to work on the project.

“The bad guys aren’t only going after entities that manage social security numbers or credit card numbers,” Parziale says. “They’re going after operations where the interruption to business provides leverage and might be critical for some construction industry sectors.”

While ransomware attacks can freeze an entire system or part of a system, wire transfer frauds are more focused cons. Parziale emphasizes that the construction industry is especially vulnerable to wire transfer fraud as contractors are often wiring large sums of money to a subcontractor’s bank account.

“That is what I imagine will shock a lot of construction companies,” Parziale observes. “They are probably engaging in wire transfers quite frequently and in large amounts.”

Emails may look like they are coming from a known contractor or accountant but are composed by threat actors posing as those figures.

Generally speaking, fraudulent wire payments could involve a general contractor who receives what he/she believes to be a request from a subcontractor to change the destination of a wire transfer from a contractor’s bank account to the subcontractor’s bank account. The contractor duly transfers a payment to the new account. The problem is that it’s not the subcontractor who is making the request.

“The contractor thinks that’s where the plumber wants the money to be paid. The plumber reaches out and says, ‘I never got that payment.’ The general contractor says, ‘Whoa, what do you mean?’”

Parziale notes that there are ways a contractor could potentially mitigate the risk of experiencing a fraudulent wire transfer, including getting on the phone with a person asking to change the destination for the wire transfer to confirm it is a legitimate request.

How Construction Businesses Can Prepare for and Respond to Cyberattacks

Ransomware has frozen a company’s data and the “threat actor” is asking for hundreds of thousands, maybe millions, to release it and allow the company to resume business. This is no far-fetched scenario, as Colonial Pipeline can attest. The firm, which moves 100 million gallons of fuel daily to consumers from Houston to New York, was shut down by just such an attack in May. It paid millions to a Russia-based ransomware gang so it could resume operations.

What must companies do to prepare for these attacks? And what can they do to prevent the attacks from succeeding?

The treacherous new world of cyber threats requires new plans and procedures by businesses in general and construction contractors in particular, says Parziale, who helps companies respond to cyberattacks and to prepare before they happen.

In the event of a breach of personal information – medical or tax information, for example – Parziale helps companies notify the appropriate individuals and government entities.

“Depending on the number of affected individuals, an entity may have a notification obligation to the state attorney general’s office, or the federal government,” Parziale says.

For surety bond producers who advise construction clients on cybersecurity, Parziale offers this framework for helping their clients prevent and mitigate cyberthreats:

  1. Ensure the company has cyber insurance. “The cost of responding to an incident is much higher than most businesses would anticipate. It’s not uncommon to have hundreds of thousands to millions in expenses due to an incident,” Parziale says. Part of the cyber insurance should provide coverage for wire transfer fraud.
  2. Construct a strong incident response plan. Does the company have written guidance for responding to an incident? The plan should specify what organizations and individuals to notify in the event of a data breach, including people within the company, but also the insurance company, legal counsel, external regulators, and the public. The plan should also detail steps to take if business interruption occurs and ways to limit the data breach or freezing of records.
  3. Practice good cyber hygiene, including regularly changing passwords and using two-factor authentication (click on a phone) or multifactor authentication (click on the phone and then type another password). Staff should be sensitive to password use and trained to be resistant to “social engineering,” in which emails from threat actors attempt to manipulate people into turning over their passwords or clicking on phishing links that can infect a system.

In a briefing paper for the Associated General Contractors of America’s 2021 Surety Bonding and Construction Risk Management Conference, Parziale and Jennifer A. Beckage, founder of and Data Security Lawyer at Beckage, advocated for development of a defensive cyber culture in construction firms.

“A great construction cyber culture begins with a buy in at the top and a demonstrating by example (so no exceptions!),” Beckage and Parziale wrote in “Why the Construction Industry Is Being Impacted by Cyberattacks, and What To Do About It.”

NASBP is pleased to have representatives of the Beckage team present on “The Changing Cybersecurity Threat Landscape: Understanding the Legal Perspective” during the NASBP fall meetings. Jordan Fischer will present at the NASBP East Meeting in Chicago, IL; and Myriah Jaworski will present at the NASBP West meeting in San Diego, CA.
