By John Biggs
July 16, 2018
As the construction industry brings more of its processes and even equipment online, the number of potential exploitation points for hackers and data thieves has grown. Keeping your customer data, proprietary secrets or other confidential information out of the hands of cybercriminals is an essential component of a modernized construction operation.
Construction Executive writes that in spite of the heavy use of IT infrastructure in construction, the industry doesn’t see itself as a particularly juicy target for hackers, which, somewhat ironically, only increases the likelihood of its being targeted. The potential ramifications of a data breach can be severe: a breach could impact everything from the company’s reputation to its market valuation, and subject the company to the inevitable costly measures required to recover from it.
And it’s a problem gaining prominence in the industry. Alexander Head, chief research officer at SecurityScorecard, recently told Construction Dive that the rise of connected devices is making construction companies ever more vulnerable to attack.
"The focus of malicious actors on the construction industry is expected to increase significantly within the coming years as construction firms begin standardizing the integration of 'smart' devices and IoT devices such as thermostats, water heaters, and power systems. These new IoT devices will create a larger attack surface that previously did not exist,” he said.
Cyber attackers can gain access to sensitive systems in a number of ways. Malware is malicious software which disguises itself as something harmless and aims to trick users into clicking it, at which point the software can harm the host system or reveal sensitive information. Keyloggers are programs that, once installed, track and record every keystroke and can be used to find user logins and passwords, credit card or bank information and more. Spear phishing attacks use deceptive emails that target specific users within an organization and contain a link to malware or other malicious software. If the user clicks it, the program is initiated.
One of the most rudimentary ways to safeguard operations against such intrusions is to offer employees comprehensive training on how to detect and avoid such attempts. It should be common knowledge to anyone with system access that you should never click a link in an email from an unknown source, or open a piece of software that’s not familiar.
Of course, deception is how these attacks propagate, using email addresses that often mirror ones within the organization to attempt to trick users. If an employee receives a suspicious email or file, rather than opening or clicking it, there should be someone within the organization to forward the email to who can identify such threats and verify if a link or file is safe to open.
Another best practice is to keep all software current and install patches as they’re released, particularly security patches. Cyber attackers exploit vulnerabilities in systems left wide open by outdated software. Passwords should be changed regularly and be difficult, if not impossible, to guess. Passwords like “password” or “12345” are shockingly common, and provide virtually no safeguard against attacks. Passwords should contain both alphanumeric characters and special characters ($, %, #, etc.) to thwart attempts by software that can easily crack simple passwords.
Any third parties with access to your company’s system should use the same rigorous standards. The best in-house cybersecurity training in the world won’t stop an attacker from breaching a system through a third party if they’re careless with your passwords or stored data.
A company’s sensitive information should be cloistered off in silos specific to each device or storage system containing it. That way, if one device is breached it doesn’t give the intruder access to the entire system. Some companies, according to Construction Dive, even keep the most critical data on an offline server, cutting off any outside access to potential hackers.
When it comes to cybersecurity, the hard truth is that as long as there is interconnectivity, there will be breaches, either by sophisticated state-funded hacker groups or rogue individual mischief makers and thieves. In order to avoid a breach, security methods must achieve a 100% success rate, while a hacker only has to be successful once to cause potentially severe damage to a company. Even a single breach can permanently ding a company’s reputation and harm its perception of trustworthiness, so locking down security procedures is critical as we move forward in the information age.