Digital Security in Construction – What Construction Leaders Should Know

Data security is an issue at the forefront of discussions for most businesses today. The construction industry is experiencing rapid digitalization, with technology increasingly being embraced as more complex projects challenge the day-to-day operations.

This increasing adoption of technology comes with the risk of cyber-attacks, putting construction companies at the top of the list for cyber criminals. According Safety Detectives, construction was the third most common industry to experience ransomware attacks in 2021, with 13.2% of total ransomware attacks in North America. A survey by Ponemon Institute found that 74% of organizations are not prepared for cyber-attacks and do not have a response plan in place to protect them.

The rise of technology in construction comes with many new risks. How can construction leaders be at the forefront to ensure firms are protected?

What is data security, and how does it work?

Cybersecurity is the practice of protecting networks, devices and data from unauthorized access or criminal use. The U.S. Cybersecurity & Infrastructure Security Agency describes cybersecurity as the practice of ensuring confidentiality, integrity and availability of information. There are several types of cyber threats:

• Ransomware
• Data breaches
• Malware

Ransomware attacks are continuously making headlines in the news. During a ransomware attack, cybercriminals deploy a virus that holds a device hostage until the owner pays a fee to regain access. Such attacks have harmed some construction organizations irreparably. As described in Engineering News-Record, Bouygues, a notable French contractor, fell victim to a ransomware attack that resulted in the company’s data being published online. Information systems were temporarily shut down, and critical computer systems were cut off.

Learn how you can protect your project data with Applied Software, Graitec Group. We’ll help identify the tools that best serve your needs. Contact us to learn more.

Why is this happening?

Ransomware is effective because most companies are ill-equipped to deal with it. For years the construction industry was slow to adopt digital technology, making it the least regulated in data protection and security. The limited regulation and guidance became contributing factors to the industry being a target for cybercriminals today.

How firms can act now

The construction industry has come a long way in adopting the technology. Now it must recognize the associated risks. This means looking at the data companies hold and how it is stored and protected. Having a shared responsibility model is crucial for firms to include at the forefront of their cybersecurity. This includes but is not limited to:

1.  Vetting a third-party cybersecurity provider.
2. Certifying your technology provider/partner is compliant and equipped to safeguard data.
3. Creating a cybersecurity plan for internal and external stakeholders to follow and abide by.
4. Verifying continuously that servers and networks within the ecosystem of cloud computing providers/partners (like Microsoft Azure) are meeting government regulations on data security.

The business value of data has never been greater than it is today. Construction leaders need to be prepared to uphold a firm’s cyber defenses to stronger principles.

To learn more about data security in construction, read the whitepaper, “Data Security in Construction: The Time to Act Is Now.”