Construction faces a cyber security challenge


By James Chambers, director, global industry development, Bluebeam

The construction industry has proven to be resilient in the face of multiple challenges since the onset of the pandemic.

For the most part these relate to issues that impact on project delivery, such as a lack of labour or the rising costs of doing business. However, there is a growing area of concern that companies in the sector need to focus on – the high risk of cyber-related crime.

In its most recent survey, published in July 2022, the Department for Digital, Culture, Media and Sport (DCMS) found that 39 per cent of businesses in the UK had identified a cyber-attack in the previous 12 months. The key word is identified, with the report authors arguing that organisations that are less cyber aware are likely to be under-reporting or missing the evidence of an attack.

The most common threat was phishing attempts, mentioned by 83 per cent of the respondents. This is where users receive a message, such as an email or text, that pretends to be from someone else and is designed to trick them into revealing sensitive information such as login details or financial information.

Just over one in five (21 per cent) identified a more sophisticated attack, such as denial of service, malware or a ransomware attack, which can result in company systems or key files being locked.

With the digitalisation of construction moving much faster post-COVID, these risks are not to be underplayed. Since the beginning of 2020, we have seen high profile attacks hitting companies including Bam Construct, Interserve and Bouygues, and there are likely to be more.

Why is construction being targeted?

Compared with other sectors, construction’s relatively late surge into technology adoption puts the sector under greater threat, with lower historic investment in security infrastructure and a workforce that needs upskilling in using tools effectively and safely.

Construction is also vulnerable because of the way it works. Projects are delivered using a broad network of businesses and a workforce spread across multiple locations.

With the sector becoming more data rich and organisations attempting to improve the understanding of our built assets, particularly in a post-Grenfell and net zero focused world, the possible points of failure increase.

With construction made up of a big proportion of SMEs, the risk may be disproportionately higher than other sectors too, with the DCMS research identifying that larger businesses are more likely to spot problems.

The good news is that businesses can protect themselves.

Cybersecurity for construction

Effective cybersecurity is about protecting the information, networks and devices companies use against unauthorised access. Key areas for consideration include:

Network security: protecting data from unauthorised users via a company’s computer network. It includes a company’s firewall, email security, anti-virus measures, anti-malware security and data loss prevention.

Data protection: this comprises the security measures in place to protect a company’s critical business information from destruction, disruption and alteration. With cloud-based services on the rise, it is also important to check the resilience of where data is stored, including any risk of physical tampering, loss, damage or seizure.

Ongoing security: the monitoring and management systems in place and their effectiveness in spotting problems and alerting you.

Security at device level: device protection, including login requirements and anti-virus software.

Secure supply chain and user management: making sure users understand cybersecurity and there are controls around access to information, such as security for different user types.

To ensure construction businesses are as protected as possible from cyberthreats, it is critical that their defences include all of these cybersecurity elements. With breaches becoming more common, delaying is not an option.

Bluebeam has published ‘Data Security in Construction: The Time to Act Is Now’ to help companies improve their defences. Download it here.

Source link