What Businesses Need to Know about Modern Slavery Act
Ageing Pipelines Turn to Robotics for Much Needed Repairs
The Anatomy of Requests for Information (RFIs)
Putting Construction Waste in its Place
Why You May Need a Social Licence to Operate – And How to Get It
Reaching New Heights With Sustainability
Australia's Largest Waste to Fuel Plant Opens in Sydney
What Happens to Queensland's Site after Commonwealth Games?
By John Biggs
July 16, 2018
As the construction industry brings more of its processes and even equipment online, the number of potential exploitation points for hackers and data thieves has grown. Keeping your customer data, proprietary secrets or other confidential information out of the hands of cybercriminals is an essential component of a modernized construction operation.
Construction Executive writes that in spite of the heavy use of IT infrastructure in construction, the industry doesn’t see itself as a particularly juicy target for hackers, which, somewhat ironically, only increases the likelihood of them being targeted. The potential ramifications of a data breach can be severe, and could impact everything from the company’s reputation to its market valuation, and subject companies to the inevitable costly measures required to recover from a breach.
And it’s a problem gaining prominence in the industry. Alexander Head, chief research officer at SecurityScorecard recently told Construction Dive that the rise of connected devices is making construction companies ever more vulnerable to attack.
"The focus of malicious actors on the construction industry is expected to increase significantly within the coming years as construction firms begin standardizing the integration of 'smart' devices and IoT devices such as thermostats, water heaters, and power systems. These new IoT devices will create a larger attack surface that previously did not exist,” he said.
Cyber Attackers can gain access to sensitive systems in a number of ways. Malware is malicious software which disguises itself as something harmless and aims to trick users into clicking it, at which point the software can harm the host system or reveal sensitive information. Keyloggers are programs installed that track and record every keystroke and can be used to find user logins and passwords, credit card or bank information and more. Spear phishing attacks use deceptive emails targeting specific users within an organization containing a link to malware or other malicious software. If the user clicks it, the program is initiated.
One of the most rudimentary ways to safeguard operations against such intrusions is to offer employees comprehensive training on how to detect and avoid such attempts. It should be common knowledge to anyone with system access that you should never click a link in an email from an unknown source, or open a piece of software that’s not familiar.
Of course, deception is how these attacks propagate, using email addresses that often mirror ones within the organization to attempt to trick users. If an employee receives a suspicious email or file, rather than opening or clicking it, there should be someone within the organization to forward the email to who can identify such threats and verify if a link or file is safe to open.
Another best practice is to keep all software current and install patches as they’re released, particularly security patches. Cyber attackers exploit vulnerabilities in systems left wide open by outdated software. Passwords should be changed regularly and difficult if not impossible to guess. Passwords like “password” or “12345” are shockingly common, and provide virtually no safeguard against attacks. Passwords should contain alphanumeric characters, special characters ($, %, #, etc.) to thwart attempts by software that can easily crack simple passwords.
Any third parties with access to your company’s system should use the same rigorous standards. The best in-house cybersecurity training in the world won’t stop an attacker from breaching a system through a third party if they’re careless with your passwords or stored data.
A company’s sensitive information should be cloistered off in silos specific to each device or storage system containing it. That way, if one device is breached it doesn’t give the intruder access to the entire system. Some companies, according to Construction Dive, even keep the most critical data on an offline server, cutting off any outside access to potential hackers.
When it comes to cybersecurity, the hard truth is that as long as there is interconnectivity, there will be breaches, either by sophisticated state-funded hacker groups or rogue individual mischief makers and thieves. In order to avoid a breach, security methods must achieve a 100% success rate, while a hacker only has to be successful once to cause potentially severe damage to a company. Even a single breach can permanently ding a company’s reputation and harm its perception of trustworthiness, so locking down security procedures is critical as we move forward in the information age.
The Cyber Risks for Smart Cities of the Future
The widest used rating system for green building is Leadership in Energy and Environmental Design (LEED), developed by the U.S. Green Building Council (USGBC). It’s no surprise, then, that major U.... Read More
July 1, 2018
Hear Brad Hyatt, Associate Professor at California State University Fresno, discuss what students are learning in school to prepare them for const... Read More
Budget. Schedule. Quality. The trifecta of a project. But balancing that trifecta isn't easy to do. Our webinar, led by construction industry exper... Read More
Building in the "Big Easy" sometimes isn't. The challenges faced by Landis Construction aren't often understood by out-of-towners, because when it'... Read More
Estimating mistakes cost contractors plenty. And, with the demand from customers for estimates on-the-fly, the chances of missing the mark increase... Read More
In all big construction projects, time is money, and few projects drag along as painfully slow as high-rise buildings. A new method of construction... Read More
June 25, 2018
Improving safety and efficiency on projects is an important consideration for any construction company, and to that end, some are turning to unmann... Read More