Intelligent CISO Issue 41 | Page 44

The first step towards a comprehensive risk-based cybersecurity strategy starts with visibility: understanding what those assets are and where they’re located.
industry unlocked

HOW TO BUILD A MORE CYBER-SECURE CONSTRUCTION INDUSTRY

CISOs have a responsibility to strategically layer up security across the organisation in order to defend against cyberattacks. Bharat Mistry, Technical Director at Trend Micro, discusses the steps organisations in the construction industry should take to achieve a comprehensive risk-based cybersecurity strategy.
Security in the construction industry has always been important, but historically it meant guarding physical sites. Today the focus is very much on protecting the digital assets, IT systems and data flows on which the success of construction stakeholders is increasingly built. With so many points of potential failure for threat actors to probe, CISOs must take a strategic, risk-based approach that layers up security across the organisation. Any less could invite serious reputational and financial risk.

Digital is everywhere
Today’s construction sector is a keen adopter of technology and it’s easy to see why. Digital Transformation offers the prospect of enhanced employee productivity by automating manual, paper-based processes. It can accelerate competitiveness, cost reductions, data-driven decision-making and increased business agility. Depending on the type of business, industry organisations might be using cloud-based applications, 3D and 5D Building Information Modeling (BIM), Industrial Control Systems (ICS), drones, robotics, Internet of Things (IoT) systems, mobile devices and much more.
Yet this reliance on technology – and the many stakeholders typically involved in projects – also creates IT blind spots and weak links in the security chain which bad actors are increasingly capable of exploiting.
The problem with tech
It’s not hard to see where these weak points are. During the course of the pandemic, many construction industry employees were forced to Work From Home (WFH) to ensure the smooth running of operations. According to official statistics, almost half of the UK’s working population did some or all of their work remotely as of April 2020.
Yet as Trend Micro research revealed, home workers can easily become distracted, making them perfect targets for phishing attacks, and often willingly engage in more risky behaviour than if they were at the office.
They’re also likely to be using remote infrastructure such as VPNs and Remote Desktop Protocol (RDP) to log in to corporate resources. Vulnerabilities and weak or breached passwords in these systems have been ruthlessly exploited during the pandemic. One estimate suggested a triple-digit increase in RDP attacks between Q1 and Q4 2020.
Many of these attacks were designed to deliver ransomware and steal data. Big-name construction firms, including Bouygues, Bam Construct and Interserve, were all hit last year. If the threat of prolonged IT downtime isn’t enough, just consider the impact of sensitive BIM designs, budgetary


44 www.intelligentciso.com