Data Breaches, Cyber Security, in the Construction Industry

by Alex Liew, Executive Director, Glocomp Systems (M) Sdn Bhd

When it comes to Construction Business is cyber security a major concern? Maybe it did not cross your mind that your company will be a potential target for a cyberattack. Construction and building industry is evolving through internet connected collaboration and remote accessible tools systems such as Building Information Modelling (BIM), as well as storage services located on cloud for the purpose of data transfer and sharing. This has created a loophole for data breaches for organizations that cybercriminals can extract and obtain data illegally for personal interest, or sabotaging by selling it to a competitor company.

Construction firms have access to a wealth of information that might be desirable to hackers. Intellectual property, proprietary assets, architectural drawings and specifications as well as corporate banking and financial accounts are all prime targets. According to a 2020 Channel Tech Asia article [1], the average cost of a cyber-security attack for organisations in Malaysia where more than 85 per cent of respondents believed they could estimate the costs of cyber security incidents, companies estimated an average of S$31,000 per attack.

Taking appropriate steps to secure systems and infrastructure is a key first step; however, it is not fool proof. Cyber-attackers have an unending supply of creative ways to infiltrate secure networks. Given this risk, it is important for companies to consider how to mitigate their exposure when a strike occurs. The ways of protecting can include:

1. Implement Data Loss Protection Solution in the organization in order to prevent unauthorized access and data loss.
2. Securing data uploaded to the cloud by implementing a Cloud Access Security Broker in order to act as an intermediary between users and cloud service providers. It is able to provide visibility for employees who uses cloud services. This is a way to enforce consistent security policies across multiple clouds and safeguard both users and corporate data.

Data Loss Prevention Solution (DLP)

Regardless of size or industry, an organization needs a data loss prevention (DLP) strategy to prevent data from being improperly accessed or circulated. The strategy should focus on the protection of valuable, sensitive or regulated data, such as financial data and intellectual property. DLP typically involves both technologies and policies. For example, configuring user workstations to block the use of USB devices and having formal policies regarding sharing confidential data via email or unauthorized sharing and even printing.

For a comprehensive protection, organizations may deploy a data loss prevention solution, which can help them to:

• Control permissions to access or circulation of sensitive information assets via tagging, fingerprinting, classifications to optical character recognition.
• Monitor successful and failed activity on workstations, servers and networks, including who is reading or copying which files or taking screen shots. Who is printing unauthorized materials without permission and stopping them.
• Audit information flows inside and outside the organization, including those from remote locations using laptops and other mobile devices.
• Control the number of information transfer channels (such as use of flash drives and instant messaging apps), including the interception and blocking of outgoing data streams.
• Encrypt on workstation laptops and drives in order to prevent data loss in case assets are stolen or unauthorized access.

Cloud Access Security Broker (CASB)

Cloud access security broker (CASB) allowed enterprise security professionals to gain visibility into the cloud, particularly unsanctioned software-as-a-service (SaaS)[1] usage, or Shadow IT[2]. The increase in cloud-to-cloud traffic requires companies to enforce controls that protect sharing and collaboration within cloud services between employees and external users.

For example [2], a company can define a CASB policy to find all files in Box[3] that are shared with non-approved domains such as personal email IDs and revoke sharing permissions. Policies can also be applied to revoke all untraceable shared links that can be forwarded to anyone. Using a CASB, companies can also leverage DLP policies and data classification to prevent the sharing of internal-only documents with any external party.

For Shadow IT, CASB functionality can be defined into 4 categories:

Visibility

To safeguard users, confidential data, and intellectual property, a CASB solution provides comprehensive visibility into cloud app usage, including user information such as device and location info.

Compliance
Cloud access security brokers can help maintain compliance in the cloud by addressing a wide variety of compliance regulations such as HIPAA, as well as regulatory requirements such as ISO 27001, PCI DSS, and more. It is also able to identify sensitive data in the cloud and enforce DLP policies to meet data residency and compliance requirements.

Data Security
The combination of CASB with sophisticated DLP allows IT the ability to see when sensitive content istraveling to or from the cloud, within the cloud, and cloud to cloud. By deploying security features like data loss prevention, collaboration control, access control, information rights management, encryption, and tokenization, enterprise data leaks can be minimized.

Threat Protection
Detect and respond to negligent or malicious insider threats, privileged user threats, and compromised accounts.
With machine learning-based user and entity behaviour analytics (UEBA) technology, CASBs can detect and remediate threats as soon as someone attempts to steal data or improperly gain access. To protect against threats coming from cloud services, the CASB can uses different capabilities and technology to block malware.

What if your Company lack of Cybersecurity resources?

Initial phase of suggestions is to provide a high level first step in assessing your company’s IT preparedness. Should additional resources be necessary to improve the IT security infrastructure, we will recommend you to consult a third party cybersecurity consulting to do an assessment of your IT structure and risks.  Experienced IT advisors can provide you the expertise on security consultancy.

In conclusion, the increased use of technology and data sharing between developers, designers and contractors has certainly increased the quality and efficiency in project delivery, but it has also exposed vulnerabilities that need to be addressed and mitigated. Cybercriminals will continue to target the construction industry as companies adopt new technology in the office and at the worksite. However, companies can mitigate the risks associated with a cyberattack by incorporating prevention solutions into the environment.

[1]Software-as-a-service (SaaS) is an on-demand, cloud-based software delivery model that enables organizations to subscribe to the applications they need without hosting them in house

[2] Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval

[3] Box is a cloud computing business which provides file sharing, collaborating, and other tools for working with files that are uploaded to its servers