The construction industry is notorious for its reliance on complex supply chains. Entire ecosystems of partners and suppliers collaborate to produce the urban landscapes of tomorrow. Unsurprisingly, a comprehensive legal and regulatory ecosystem has grown up with it, along with mature frameworks for managing traditional forms of risk.
But what about cyber risk? We know from experience that the supply chain often represents a hidden back door by which cyber threats can wriggle their way into the organisation and cause untold mayhem (trawl the Internet and you’ll find horror stories of air conditioning suppliers compromising corporate networks, or of business partners deleting critical shared information due to human error). We also know that even the most cyber-mature organisations can struggle to keep their supply chains secure. In essence, the problem is that while an organisation might have gone to considerable lengths to secure information under its own direct control, in many cases it might have limited capacity to do so beyond its corporate perimeter. Unless, that is, the right mix of risk management, legal, and technical safeguards is put in place. And that’s the tricky bit.
Side note: Just because you’re using a complex cloud-based system, don’t assume it’s secure! McAfee* recently revealed that the number of remote attacks targeting cloud services increased by 630% between January and April this year.
Let’s go back to basics for a moment. Irrespective of the futuristic labels that festoon the cyber world and the security technologies that accompany it, don’t forget that really it’s still all about information. Since the dawn of mankind, information has accrued value for its owner. It delivers competitive advantage. It’s intelligence about our customers that enables us to sell services to them without incurring undue risk. It’s the blueprint for the self-sufficient eco-development that earns plaudits from urban planners and design gurus alike. But information has a nasty habit of seeping all over the place. Think of information as water that trickles throughout the arterial canals and rivulets of your organisation. Well channelled and protected, it enables the business to thrive. Leave a sluice gate open inadvertently and – to mix metaphors – you’re toast.
My main point here is that in industries such as Design and Construction, no business can afford to lose sight of its critical information assets – whether they’re under its own direct control, shared with a business partner, or sitting in the ether somewhere as part of some cloud-based solution. So irrespective of how well you think you’re on top of the cyber threat, make sure – at a minimum – that your business is acting on the following:
What is listed here represents a minimum set of activities any business should be undertaking if it’s even mildly serious about cybersecurity (and of course many large organisations will be doing way more in terms of cyber governance and risk management). If you’re not sure your business could answer any of the above questions confidently, maybe it’s time to take a much closer look.
About the author
Co-Founder & Director, CRMG