Digital Transformation is inevitable for the construction sector, and the proliferation of devices, applications, cloud and SaaS solutions is only continuing across the industry. All of these need to be hardened to the cybersecurity threat. Nick Banta, VP Global Cyber Security, Trimble, highlights that if the industry practices cybersecurity hygiene as a standard and remains adaptable amid today’s shifting risk landscape, its Digital Transformation journey can become a tremendous success story.
Construction has seen a push towards digitalisation over the past several years. Whether it be the adoption of SaaS applications for workflows, the widespread uptake of cloud services, or the digitisation of construction machinery itself, the industry is rising to the challenge of Digital Transformation to improve productivity.
But Digital Transformation has created new risks for the construction sector. Digitalisation necessarily brings a greater attack surface for cyberattacks, which can have the power to paralyse organisations and bring operations to a screeching halt.
The rise of technological norms like Bring Your Own Device (BYOD), cross-organisation integrations and customer portals have greatly increased the attack surface for many construction companies. At the same time, many organisations have also had to grapple with their ongoing legacy infrastructure that sticks around even after Digital Transformation initiatives.
As a result, even construction companies that take cybersecurity seriously can find themselves exposed to cyberattacks via employees, subcontractors, suppliers, or customers. To protect the industry from this, construction must embrace cybersecurity transformation to be delivered alongside Digital Transformation – but how?
Rather than going all-in with intricate solutions, construction cybersecurity teams should first look at their foundations. A few careful and limited investments and practices can offer great value in reducing a cybercriminal’s ability to compromise your network. In particular, teams should commit to the ‘five foundations’ as the first steps for any approach to cybersecurity: Multi-Factor Authentication; endpoint detection and response; rapid patching; incident response standards; and immutable backups.
Multi-Factor Authentication (MFA)
MFA, for those that aren’t familiar, requires users wishing to access a network to present multiple means of authentication. The most common implementation of MFA is Two-Factor Authentication (2FA) – such as a traditional password and partnered with a smartphone application for authorisation.
MFA has surged in recent years, with Cisco finding that 78% had used 2FA in 2021, up from just 28% four years earlier. MFA has taken hold as it represents a low-hanging fruit, since it’s so easy to implement and it’s built into many of the applications that construction companies are already using.
And the return on MFA is great. It substantially raises the barrier to entry to breaches since, along with email and passwords, it also demands an intruder obtain an employee’s MFA authorisation. By raising the barrier to entry, MFA enables construction teams to completely deter many low-sophistication cybercriminals. And even among attackers who it doesn’t deter, MFA will make it significantly harder for them to succeed in breaching your network.
Endpoint Detection and Response (EDR)
EDR works to discover potential or actual security breaches in a network’s endpoints, helping teams to rapidly respond to risks before an attacker can exploit them. A broad range of capabilities and implementations fall under the EDR umbrella, ranging all the way up to advanced systems that leverage AI models to automate the detection and removal of even the most sophisticated threats.
However, the market is also packed with business-ready EDR suites that can be installed off the shelf and require little technical or administrative overhead to operate. Many vendors even offer ‘hunting’ services where their trained experts can use the more sophisticated features of their product to protect a client. In almost all construction use cases, these services deliver exceptional value.
Using EDR, construction cybersecurity teams can gain real-time intel and response windows on breaches, shutting down attackers and mitigating the damage from a breach. EDR is a good way to harden a network, especially as construction activities in the field now involve many endpoints – whether that’s your machinery or worker devices, or even those of suppliers, contractors, or customers.
Rapid patching
Recent software supply chain vulnerabilities, such as Log4j, have shown that vulnerability patching is essential to a cybersecurity strategy. At the heart of resolving vulnerabilities is working to patch them as soon as possible. Ultimately, the key to achieving this among IT teams is clear lines of accountability regarding who oversees, maintains and patches any given system, workflow, or application.
Going beyond that, it’s worth looking to see if your team can automate the patching process as far as possible. Automation offers the possibility to dramatically speed up the detection and deployment of patches, but it isn’t a silver bullet. Many systems may need a manual review and some vulnerabilities may be so deeply embedded in your software stack that they may not be possible to automate.
Ultimately, falling back on clear lines of accountability is crucial. Security teams need to constantly develop ways to measure security vulnerabilities and exposures throughout their technology stack, so they can provide actionable data to accountable teams to close gaps quickly.
Incident response standards
Cybersecurity teams should be aware of response expectations to a breach or attack. To that end, teams need to develop clear procedures for who to notify as a threat escalates and when to ensure quick action is taken in the face of a cyberattack.
Beyond quick decision-making and communication within cybersecurity teams, there also needs to be clear expectations as to what constitutes an adequate response to an incident. In some aspects, attacks become a war for data. It’s key that IT and security teams quickly understand how to remove an attacker without harming evidence for forensic or internal use.
Team members need to be trusted to use their experience and judgement to collate and action data in real-time. Rather than be hamstrung by processes, cybersecurity teams should have clear time windows for responding to a threat.
Immutable backups
What if an attacker wins? What if a ransomware operator manages to encrypt your critical operational data, lock your machine access and prevent you from interacting with your teams? It’s never an easy scenario for any organisation. But the worst outcomes from an attack can be mitigated if a team has a recovery plan. That’s why backups are critical.
Cybercriminals are wise to the value of backups for their targets, however. As a result, hackers often target backups alongside a business’ live data and workflows to force the organisation into a corner and inflict maximum damage.
To this end, you need immutable backups – backups that can’t be edited or deleted by anyone in an organisation within a specified time window. This means you’ll have a guaranteed resource for backing up at hand, even if a cybercriminal’s control over a network is nigh total.
However, it’s worth remembering that restoring services may not be the only challenge you face. Immutable data can do nothing to prevent an attacker from sharing your sensitive information and many ransomware operators are picking up on this and turning to extortion alongside a ransom. This is why a protection strategy always must remain crucial, along with strong resilience.