As digital transformation sweeps the world, more conservative economic sectors such as public transport, agriculture, and banking and finance have become reliant on technological advances. Despite rapid adoption of technology, especially AI, in other sectors, the construction industry remains largely untapped, albeit with great potential for innovation.
Technology adoption in this space has been slow due to fragmentation and complexity. A typical project involves multiple parties, experts, processes and tools that are difficult to centralize, integrate and secure. As a result, many companies still use manual, paper-based processes that are costly and laborious to digitize. This leaves a huge gap for the IT and security industry to fill.
The expanding role of technology brings new risks
Despite all the barriers, construction companies are embracing IT as they realize the benefits: increased productivity, better quality buildings, improved safety and long-term cost savings. Traditionally known for busy worksites and paperwork, much of the construction industry is experiencing a digital revolution.
Internet of Things (IoT), GPS, telematics, roofing software, cloud-based project management tools, Building Information Modeling (BIM), Artificial Intelligence (AI) and more – these terms are joining the construction engineer’s vocabulary.
Combine this with vendor reliance, high staff turnover, data sharing outside the organization and increased use of mobile devices and offices, and it becomes clear that construction companies are more susceptible to cybercrime than ever before. The series of Maze ransomware attacks in 2020 involving Bouygues Construction in France and Bird Construction in Canada served as a wake-up call.
Sometimes, poor software update hygiene can play into attackers’ hands. It’s common for many construction companies to have legacy IT systems and outdated applications with unpatched security holes, leaving attackers free to exploit them. Additionally, a lack of adequate awareness of cybersecurity, which is often not a priority across the industry, makes workers highly vulnerable to threats such as phishing.
Unfortunately, many of these businesses, while going digital, still follow a “brick and mortar” paradigm and miss out on effective cybersecurity mechanisms such as firewalls, automated penetration testing, and intrusion detection systems. These gaps, and other disconnects between different systems, need to be fixed.
How to close the cybersecurity gap in the construction industry
The road to digital transformation will continue to be a difficult one, given the industry’s complexity and resistance to change. Here are some security measures construction companies can use to get the most out of IT and avoid cyberattacks:
- Third Party Risk Management: Assess the cybersecurity posture of your vendors and subcontractors before onboarding. Develop strict security requirements and regularly review compliance to ensure your entire supply chain is tamper-proof.
- Modernizing your IT infrastructure: Upgrade outdated systems and regularly patch software vulnerabilities. Create a patching schedule and ensure all devices, from computers to tablets used in the field, are updated promptly.
- IoT Protection: Implement strong security measures on all IoT devices in use, including safety sensors, security cameras, GPS trackers, worker wearable devices such as smart helmets, automated material tracking devices, etc. Encryption, strong authentication, and firmware updates are a must.
- Strong password policy: Enforce complex password requirements that combine upper and lower case letters, numbers, and symbols, and require multi-factor authentication (MFA) for at least privileged user accounts.
- Network Segmentation: Separate sensitive data from day-to-day operations to minimize the damage caused by a potential breach. Segment your network by creating virtual spaces for administrative functions, project management tools, guest user internet access, and your organization’s IoT ecosystem.
- Secure Software Engineering: Consider leveraging Platform as a Service (PaaS) environments such as AWS, Azure, and Google Cloud Platform to streamline the development of your own business applications. PaaS hosting can improve coding capabilities without adding staff, shorten project times, and provide turnkey security controls across the entire software development lifecycle.
- Data backup and restore: Maintain up-to-date backups of important data, such as project plans, financial records, intellectual property, etc. Implement a robust recovery plan that outlines steps to restore data and resume operations quickly in the event of an attack. Consider storing backups offline or in a secure cloud environment.
- Cyber Insurance: This preventative measure offsets the financial losses caused by a cyber attack. It can cover costs associated with data recovery, legal fees, and business interruption.
- Comprehensive Cybersecurity Training: Integrate cybersecurity into your company culture. Invest in regular, engaging security awareness training for all employees so that they can identify phishing attacks, understand the importance of strong passwords, and know how to report suspicious activity.
In some ways, the construction industry has little choice but to embark on a dynamic digital transformation path, so now is the time to build a solid security foundation for the transition. These nine tips can help construction companies – and most other types of businesses – modernize.
David Balaban, Owner, Privacy-PC