Published: 15. October 2024,
You don’t have to be that long in the tooth to remember the days when we rocked up to the office, fired up the desktop and settled down for a day of work. And in physical terms too, a key, a padlock and a gate were all you needed to lock down a construction site at night. So much for security in the ‘good old days’.
But with the advent of digitization, security has evolved into a very different beast. And like every other industry, construction has had to adapt accordingly in the era of the digital twin, images and video, connected machines, tools, personnel and entry systems. Without enhanced security capabilities, a construction business simply can’t function properly.
Data security is essential for construction applications, in development, implementation and updates, while better understanding and investment in data security tools can show where attacks might come from. There is a cost element too. “By investing in data security tools…organizations reduced their average cost of a data breach by up to $1million,” said IBM’s Cost of Data Breach Report 2023.
But it is evident that the frequency of attacks is nevertheless showing little sign of abating. This Summer alone, the personal data of 560 million customers was stolen from Ticketmaster, while US software provider to auto dealerships CDK Global was shut down for three days in mid-June severely disrupting 15,000 car sellers after what it labelled a“cyber incident”.
With hundreds of billions of data points being collected every day across the sector, construction faces a similar challenge given the proliferation of access points. It is therefore essential to provide extensive security and data ethics training to development teams and also consider ethical hackers to regularly test systems. We recommend the following approach to create a properly robust cyber secure framework for an organization.
Institutionalized governance really is what it says on the tin. It means setting up a proper and responsible framework within the organization perhaps in the form of a committee or something similar to establish the company’s security position. By appointing a dedicated information security leader and assembling a team that convenes regularly to discuss cyber security risks, incidents, and environmental threats, the organization ensures a structured and proactive approach to security.
‘Your cybersecurity is a reflection of the high-value assets and projects that make up your operations, so the higher the stakes, the more you should be pouring resource into securing those assets.’
Such a framework not only establishes basic compliance protocols at the base point, it also reinforces the company’s strategic emphasis on continuous improvement and risk management, reflecting an understanding that cybersecurity is a dynamic field requiring constant vigilance and adaptability. That should ultimately secure buy-in from top management, an essential element to a successful cybersecurity strategy.
Your cybersecurity is a reflection of the high-value assets and projects that make up your operations, so the higher the stakes, the more you should be pouring resource into securing those assets. The recognition that the work your assets are engaged in carries significant value, and by extension, risk, necessitates the implementation of robust cyber security defences without compromise.
This approach involves not just defending against potential threats but also understanding the strategic importance of the assets under protection. The emphasis on cybersecurity reflects an alignment of interests with end users.
If you can identify a gap between industry-established standards of cyber security and the actual level of threat, there is an opportunity to take a role as a leader on security. Not only will that help allow any given organization a competitive edge as a new benchmark for the industry and as a deliverer of cyber security services to others, it will also have the industry-wide benefit of raising standards and strengthen that organization’s reputation.
Moving from a manual-dependent system reliant on intensive paperwork to a digitized, platform-driven approach inevitably strengthens that process and eliminates human error. It’s a powerful value proposition for customers and a serious barrier to criminal activity.
The importance of culture really cannot be underplayed in the battle against cyber crime. While the technical challenge is the natural starting point of any cyber security strategy, getting your people invested in the process is integral to taking it to the next level.
‘Moving from a manual-dependent system reliant on intensive paperwork to a digitized, platform-driven approach inevitably strengthens that process and eliminates human error. It’s a powerful value proposition for customers and a serious barrier to criminal activity.’
Training and awareness is essential to strengthening the notion that security does not simply belong to the IT department. It creates a culture that enshrines cybersecurity, not as the domain of a single department, but something that is a shared corporate responsibility. An inclusive approach like this helps build a resilient organizational culture capable of responding to evolving threats as part of a training culture that is consistent and evolving.
We see strong benefits in a zero-trust security model, moving away from a traditional perimeter-based defence system to a more rigorous, identity-centric approach including multi-factor authentication tools. The zero-trust model reflects an understanding that trust within the network must be earned and verified, regardless of the network’s perceived security.
This model shapes not only the technical architecture but also organizational policies regarding access control and operational protocols. It also signifies a forward-thinking approach to organizational security strategy, where the principle of “Never trust. Always verify,” is paramount.
All of these in combination naturally establish your reputation as a solid custodian and it is a given that certificates such as ISO27001 are a requisite quality mark essential to giving credence to any claims you make in the security sphere.
Of course, a game changer now is AI and construction and rental organizations must work with a development partner that has the expertise and track record of customer solutions on a regional and global basis so that the solutions fulfil appropriate legislative and standards protocols, as well as customer productivity, safety and security needs.
‘No one should short-cut security and especially not in an environment such as construction where personal safety as well as information security may be compromised.’
From a customer perspective it is essential to ensure the technology partner has the accreditation to match their expectations. No one should short-cut security and especially not in an environment such as construction where personal safety as well as information security may be compromised.
This means that the customer data, when used effectively, is more valuable to the business, increasing the justification for the investment and security focus.
Never miss an insight. We’ll email you when new articles are published on this topic.
