24 May 2024

Tackling cybersecurity in construction

In this blog we'll explore some of evolving trends contributing to the widening threat vector, and how to best protect your organisation, your employees, and your sensitive business data.

With the move to hybrid work comes increased risks, driving CIOs to re-think their approach to security. In fact, 96% of IT leaders having already shifted their security strategy, with 50% of organisations agreeing it will now be central to every business decision1. As the industry continues to embrace and adopt new digital ways of working, it is more important than ever to understand how your business might be vulnerable to cyber-attack.

The consequences of poor cybersecurity should not be underestimated. They can have a devastating impact on financial margins, the construction programme, business reputation, supply chain relationships, the built asset itself and, worst of all, people's health and wellbeing. As such, managing data and digital communications channels is more important than ever."

Caroline Gumble, Chief Executive of the Chartered Institute of Building2

Advancing digital technology

New digital tools such as Building Information Modelling (BIM), 3D-printing, remote building monitoring systems, brick-laying robots that generate valuable data are helping the construction industry become more productive, competitive, and sustainable. However, with this new technology comes threats your business must be wary of and take action to defend from. To avoid creating barriers to digitisation and instead become its enabler, it's imperative you transform your capabilities by improving risk management, building cybersecurity directly into your value chains, and supporting the next generation of digital technology solutions.

High value assets, high risk factor

The abundance of high value assets such as PII, PHI, blueprints, building designs, and rich supply chain data are amongst the many records that hold value in the underground market. This includes project management data that contains sensitive information, such as a next bid or project financials. You may also be using high-tech equipment to survey buildings or sites such as drones and GPS kit, that creates valuable models and visualisations. Adding to this risk are distributed teams and the widespread use of tablets, smart phones or laptops, that are increasing system vulnerability entry points.

Implementing a data governance framework is one way to ensure data is processed and managed in line with industry regulations, along with providing training for all staff - whether working remotely, on-site, or at head office. Managed Detection and Response (MDR) solutions are another way to increase your security posture, offering a streamlined and scalable service capable of detecting cyberattack early in the kill chain, and eradicating before significant damage is done.

Consider all aspects of the supply chain

Another important aspect to consider is your supply chain. When choosing a partner or supplier — especially those that will be entrusted with key processes or data — it's vital to make sure they take information security seriously. Often the simplest way to verify this is to ask for proof of certifications for key cyber security and information security standards. Ask if their suppliers or subcontractors are certified and will enable you to confirm security is taken seriously across the entire length of the supply chain. From a data perspective, construction companies that have complete visibility over systems and data will be better able to access valuable insights and respond quickly to new trends.

Most importantly, any threat protection plan must include employees, partners, apps, as well as data. It's true that mastering the way your people work will inevitably take time. But beyond doubt, ensuring you have a foundation that secures your tangible assets and safeguards all digital activity will be key to addressing the ever-evolving risk of cyber-attack.

With this in mind, it is vital you select an expert, certified vendor who is trusted to deliver solutions that solve your security needs. This is where Claranet can help. To discover how we can ensure your business is protected against varying cyber threats, contact us now.

1 PWC - https://www.pwc.co.uk/issues/cyber-security-services/insights/cyber-security-strategy-2021.html 

2 NCSC.gov - https://www.ncsc.gov.uk/news/groundbreaking-cyber-advice-will-help-construction-firms-build-strong-foundations-against-online-threats