Construction companies often incorporate communication devices, software, and applications in their day-to-day business operations across multiple job sites and offices. Although these evolving technologies are being adopted to boost efficiency and productivity, they also open the door to security threats. Employees accessing company information through various networks as well as vendors and subcontractors needing access to certain systems and data create many susceptible points of infiltration for nefarious cyber criminals.
Once these bad actors have gained entry, they can often exploit internal security vulnerabilities, gaining access to sensitive and valuable data. Theft of intellectual property, fraudulent wire transfers, and ransomware attacks are just some of the incursions that can bring business operations to a screeching halt, cause devastating financial setbacks, and spur ensuing lawsuits.
Compared to other industries such as healthcare and banking, the construction industry has been largely unregulated in regard to data security and privacy regulations. The lack of these security regulations, paired with the profitability, proprietary information, and many moving parts inherent in the construction industry, has boosted the industry to be one of the top targets of hackers. This paper, Why The Construction Industry Is Being Impacted By Cyberattacks, And What to Do About It, written in conjunction with AGC, goes into further detail in support of this claim.
Unfortunately, these threats are not always external. An opportunistic internal employee with access to company systems and information is just as much of a threat, if not more so. To combat these issues, many companies have adopted “Zero Trust” security measures.
The article, Zero Trust Beyond Network Security, written by Carlos Liendo, a Data Security Solutions expert at COMPU-DATA, explains the concept, purpose, and components of a “Zero Trust” security framework.
“The ‘Zero Trust’ security framework was coined by former Forrester Vice President and Principal Analyst John Kindervag that created the idea of Zero Trust in 2009 to oppose the outdated assumption that everything inside an organization’s network should be trusted.”
“Zero Trust” is a relatively new security framework that secures data through processes and granular controls. It minimizes the impact and ramifications of any successful security breach through the way it compartmentalizes data and incorporates its underlying concept of “Never Trust, Always Verify”
“The initial approach, back in 2009, was the concept of Micro-Segmentation, which is a network security technique that enables security architects to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls and deliver services to each unique segment.”
Since its origination, the “Zero Trust” Framework has been improved upon and is now more secure and all-encompassing. Architectures, such as The Zero Trust eXtended Ecosystems, take an exhaustive approach to securing information through controls and processes at the networks, devices, personnel, workloads, and data component level. For example, Zero Trust is an integral part of the Data onDemand workflow automation and file management solution developed by COMPU-DATA
As construction companies continue to adopt technologies to boost productivity and efficiency, the increased risk of cyber security threats should not be overlooked. Cyber attacks can be severely detrimental, costing time, resources, and reputation. Getting the right security measures in place is crucial to protecting vulnerable, highly targeted companies.
