Intelligent CISO Issue 53 - Page 44

Construction must embrace cybersecurity transformation to be delivered alongside Digital Transformation .
industry unlocked

BACK TO BASICS : FIVE FOUNDATIONS FOR CONSTRUCTION CYBERSECURITY

Digital Transformation is inevitable for the construction sector , and the proliferation of devices , applications , cloud and SaaS solutions is only continuing across the industry . All of these need to be hardened to the cybersecurity threat . Nick Banta , VP Global Cyber Security , Trimble , highlights that if the industry practices cybersecurity hygiene as a standard and remains adaptable amid today ’ s shifting risk landscape , its Digital Transformation journey can become a tremendous success story .
onstruction has

C seen a push towards digitalisation over the past several years . Whether it be the adoption of SaaS applications for workflows , the widespread uptake of cloud services , or the digitisation of construction machinery itself , the industry is rising to the challenge of Digital Transformation to improve productivity .

But Digital Transformation has created new risks for the construction sector . Digitalisation necessarily brings a greater attack surface for cyberattacks , which can have the power to paralyse organisations and bring operations to a screeching halt .
The rise of technological norms like Bring Your Own Device ( BYOD ), crossorganisation integrations and customer portals have greatly increased the attack surface for many construction companies . At the same time , many organisations have also had to grapple with their ongoing legacy infrastructure that sticks around even after Digital Transformation initiatives .
As a result , even construction companies that take cybersecurity seriously can find themselves exposed to cyberattacks via employees , subcontractors , suppliers , or customers . To protect the industry from this , construction must embrace cybersecurity transformation to be delivered alongside Digital Transformation – but how ?
Rather than going all-in with intricate solutions , construction cybersecurity teams should first look at their foundations . A few careful and limited investments and practices can offer great value in reducing a cybercriminal ’ s ability to compromise your network . In particular , teams should commit to the ‘ five foundations ’ as the first steps for any approach to cybersecurity :

Construction must embrace cybersecurity transformation to be delivered alongside Digital Transformation .

Multi-Factor Authentication ; endpoint detection and response ; rapid patching ; incident response standards ; and immutable backups .
Multi-Factor Authentication ( MFA )
MFA , for those that aren ’ t familiar , requires users wishing to access a network to present multiple means of authentication . The most common implementation of MFA is Two-Factor Authentication ( 2FA ) – such as a traditional password and partnered with a smartphone application for authorisation .
MFA has surged in recent years , with Cisco finding that 78 % had used 2FA in 2021 , up from just 28 % four years earlier . MFA has taken hold as it represents a low-hanging fruit , since it ’ s so easy to implement and it ’ s built into many of the applications that construction companies are already using .
And the return on MFA is great . It substantially raises the barrier to entry to breaches since , along with email and passwords , it also demands an intruder obtain an employee ’ s MFA authorisation . By raising the barrier to entry , MFA enables construction teams to completely deter many low-sophistication cybercriminals . And even among
44 www . intelligentciso . com