How a Construction Company Can Survive the Cybersecurity Storm

A cybersecurity storm is brewing on the horizon of the construction industry that may wreak havoc on everything in its path. As opposed to rain and lightning, this looming tempest threatens to unleash cyberattacks and data breaches upon any businesses that have not invested the requisite time and resources into constructing the proper defenses. The reasons for the industry’s heightened susceptibility to attack include the growing reliance upon sophisticated new technologies and the sharing of information across decentralized worksites. Warnings regarding the imminent arrival of this storm include unsettling headlines about the plight of the construction industry’s cybersecurity challenges:

• “Tech Adoption Makes Construction Industry Top Target for Cyberattacks” - Construction Dive
• “Construction Industry the Next Big Cybercrime Target” - Cision PR Newswire
• “68% of Construction Executives Have No Cybersecurity Measures in Place” - Help Net Security

While it may be tempting to accept a sense of inevitability when it comes to cyberattacks, it is never too late to build the fortifications needed to weather this storm. However, hastily throwing together disparate defenses may do little to stem the tide of security risks. Taking a more structured and strategic approach, akin to building a sturdy home, will undoubtedly maximize resiliency, exponentially increasing the ability of a business to survive the storm. Here are a few steps to consider:

Step 1: Design the Right Blueprint

When a business takes the time to strategically plan (“measure twice, cut once”) their cybersecurity approach, they are making an investment that will significantly increase the efficacy of their defenses while reducing future missteps. A key step in this process is the collaboration between management and IT, as they must work in lockstep to inventory key data assets and production processes that require protection and assess any applicable threats. This facilitates the creation and administration of security budgets, metrics, and goals while allowing everyone, including ownership, to share the same vision for defending the business from existing and future cyber threats.

Step 2: Establish a Strong Foundation

Every business must provide a strong security foundation upon which their data and applications can be securely accessed. Typical components that make up this foundation include firewalls, endpoint protection, and intrusion detection systems, as well as the related support functions such as patch management, penetration testing, and log reviews. As any successful construction company knows, building on a foundation that has not been properly hardened is a recipe for catastrophe.

Step 3: Properly Frame the Environment

When a business establishes a solid framework of security policies and procedures, it strengthens the confidentiality, integrity, and availability of their data by providing guidance to everyone, from IT and third-party vendors to end users. Having these policies and procedures also helps to orchestrate future additions such as acquisitions of other businesses or expansion of existing operations. Without having a strong framework in place, the various security components needed to protect a business will be disjointed and ultimately ineffective.

Step 4: Construct a Sturdy Exterior

The final touch needed to create a home capable of withstanding the elements is to construct a resilient exterior. Because employees are constantly interacting with external sources, primarily via email, they are analogous to a home’s walls, windows, and doors. There are few barriers more effective at blunting cybersecurity threats than employees who have been armed with the knowledge to detect and avoid such traps. Employees that are provided with regular awareness trainings and spear phishing simulations will be able to nail the best practices needed to drop the hammer on future social engineering attacks.

Building and remodeling the cybersecurity defenses needed to survive the unyielding storm of cybersecurity threats faced by the construction industry is a difficult and unending project. However, if a business designs the right blueprint, establishes a strong foundation, properly frames their environment, and constructs a sturdy exterior, chances are they will have the strength and resiliency to endure the most powerful of storms.

If you need help constructing your cybersecurity defenses, consider setting up a meeting to discuss how Citrin Cooperman can help protect your business. For more information, please contact Kevin Ricci at kricci@citrincooperman.com.