Like most every sector of the global economy, the design and construction industry has become exponentially more digital, more connected and more cloud-based. Project managers on job sites rely heavily on their ever-present tablet devices, and massive amounts of information and data on everything from drawings to budgets and contracts are generated and shared seamlessly in a digital environment.
Technology has revolutionized the industry, streamlined processes and made the sharing of vital information so much simpler. But creating these open pathways to enable the seamless flow of data comes at a cost. For firms of all sizes and types, the threat of cyber attacks continues to grow and the need for cybersecurity is greater than ever.
“The threat landscape is constantly evolving and the need to adapt cyber defenses is something that requires attention every day,” says Mike Carr, vice president, Information Technology for Clune Construction, a national general contractor, headquartered in Chicago. “Threats from bad actors have increased and threats come in daily. We routinely see standard attacks, such as spear-phishing and whale-phishing, but a lot of threats have become more complex and targeted.”
The types of threats companies face vary depending on where they are in their adoption journey,” explains Aditya Thakur, director, Product Management at Autodesk Construction Solutions. “Some companies are still for the most part using manual workflows with pen and paper. Others are moving to cloud-based systems and asking how they secure their data. A few years ago, most customers were concerned with issues, like single-sign-on and wanted to make sure to add additional authentication to protect access to data. As customers become more sophisticated, they are thinking about the integrity of the data itself and maintaining it in case something was to happen.”
Sharing and Securing
Although the degree of adoption and technological reliance may differ from company to company, firms of all sizes and operations need to be thinking about cybersecurity. The amount of information that goes into building design and construction, the number of interactions involved and the overall level of technology adoption in the industry makes it very important for firms in all parts of the building process to be on alert.
“Most small- to mid-sized businesses do not have a dedicated cybersecurity department. However, maintaining a solid cyber defense is something every organization should strive for,” Carr says. “Companies should never assume their industry isn’t a target for attacks. All organizations should have a culture of security. Trends for 2023 indicate the use of artificial intelligence/machine learning to increase the effectiveness of phishing cam- paigns. Protecting remote and hybrid employees and mobile-device compromises are things to focus on this year.”
“The pandemic pushed a lot of companies to quickly adopt cloud-based solutions and, as a result, many of those companies are trying to figure out what their security roadmap should look like,” Thakur says. “Traditionally, construction has lagged slightly in terms of technology adoption. Previously there were mostly design workflows using Revit, AutoCAD and other design-authoring tools and the process would happen on paper, email and Excel. But now there’s a burst of activity in cloud services.”
Many threats are universal, but there are factors the construction industry specifically should consider.
“Based on my experience, there are challenges that are specific to the construction industry,” Thakur notes. “All companies need to think about how they secure their data, their employees and their information, but what can be unique in construction is that you might be working with 50 different companies sometimes on a single project. There is a lot of need for data sharing back and forth. As a general contractor, for example, you might invite numerous trade partners to your cloud, but how do you secure data you want private to yourself? That’s one challenge and another is that you might be dealing with many partners in vastly different stages of technology adoption.”