BeCyberSure discuss cyber security in the construction industry…
In the UK, we are currently living through one of the most uncertain and transformative periods experienced in recent times and businesses are faced with increasingly challenging issues. The construction industry is as at risk as any other and management must ensure that they are prepared for massive disruption from all sides.
A concern that is often shelved in favour of other priorities is that of cyber security but the potential damage is dangerous to overlook. Experience has shown that companies of all sizes, including those with large networks or small standalone systems are all at risk.
The use of the internet and communication networks have revolutionised the way that you work within the construction industry, having opened new avenues for sharing information and exchanging data across a diverse range of organisations including plans, designs, tenders, contracts and financial models etc. One of the greatest challenges will be that organisations will have different levels of competence and as such you must ensure that everything is done to minimise exposure with all necessary checks and protections put in place as well as preparations for the aftermath of any attack.
Cyber security is largely a ‘People’ problem
Focus for cyber security should not just rest on technology; another weak link is the ‘People’ problem. A recent report commissioned by Accenture found that “Of those surveyed, a majority (69%) of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months…” . Personnel can inadvertently expose you through their casual behavior; loss of USB memory sticks, response to malicious emails etc. Such errors can be reduced by increasing user awareness and ensuring they understand the implication of their actions through education.
Complex projects often provide multi-user access, allowing builders, engineers, planners, designers and contractors to access information at the same time. If, even unintentionally, details of the project were to be leaked or altered there could be damaging consequences. Depending on the projects, sensitive information in the hands of malicious outsiders such as terrorists and criminals can provide the tools necessary to conduct their operations. Even hackers who are not looking to cause physical harm can affect your company; obtaining private sensitive corporate information, using your system to access your clients IT networks or even obtaining personal information about your employees.
However, we understand that the technology market place is a somewhat confusing space with vendors aplenty offering ‘The answer’ and ‘silver bullets’ to both managing your business, your precious clients and the resulting enormous amounts of sensitive data that are produced as a consequence. It is no wonder that many organisations rely too heavily on their IT departments or ‘outsourced IT services supplier for support and advice especially with regard to the risks of cybercrime.
This needs to change.
Cyber Security is an element of Information Security. Information Security is an element of Risk Management. Risk Management must be overseen by the board. The EU’s new data law (GDPR) will take effect in May 2018 (before Brexit) and recent statements from UK legislators and regulators, indicate that this law will either be adopted in full or replicated in UK law.
No matter what the industry, in order to maintain a competitive advantage and uphold your integrity, companies must now be seen to be dealing with cyber security in a proactive manner, reducing vulnerability to clients and suppliers across the board. Everyone needs to feel confident that you are fully prepared with a response plan in place to react in the event of a cyber incident, which now seems to be a matter of when rather than if. Don’t get left behind.
Think human, BEFORE you think cyber.
Think security, NOT compliance.
Be Cyber Sure