We live in a digital age, with technology affecting every aspect of industry and human life. The benefits, of course, are many, but at the same time it cannot be denied that – as with every advancement in human history – there are cons as well as pros. In a heavily process-driven industry like EPC and construction, the advancement of digital technologies was bound to create a whole array of new risks, dangers, and challenges that earlier generations of project organisations did not have to contend with. In other words, the EPC projects industry is no exception to cyber security issues, and today’s PMIS project management software, and indeed any kind of digital project management system, has to take that into account.
As technology becomes an integral part of project management and the need to provide access to project information on the cloud continues to grow, the need to keep project information secure grows in parallel. In today’s blogpost, let’s look at some of the most critical security risks that today’s project organisation may come up against, and which the organisation might want to keep in mind while evaluating PMIS project management software.
Distributed Denial of Service (DDoS) Attacks
You can think of a DDoS attack as a kind of traffic jam which disrupts the normal flow of traffic. Unlike a traffic jam, however, it is caused deliberately and with malicious intent. It is done by flooding a network or server with huge amounts of traffic in an attempt to disrupt the service. DDoS attacks are carried out by hackers using several computers and other IoT (Internet of Things) devices. Modern DDoS attacks are extremely powerful, and with more companies moving project management and collaboration to the cloud, such attacks can leave project companies very vulnerable. Many strategies have been tried to address this problem, but the only proven solution so far has been to set up dedicated DDoS mitigation plans, which continuously monitor the company’s LAN/WAN traffic and keep checking for changes in bandwidth consumption which could indicate an attack. That is why modern digital project management systems have to be part of this monitoring.
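The bandwidth check described above can be sketched as follows. This is an added example, not part of the original post: the function name, the 5-minute Mbps samples and the threshold values are all assumptions chosen for illustration.

```python
from collections import deque
from statistics import median

# Constructed sample data: 5-minute average inbound bandwidth in Mbps on one
# WAN link. Indices 16-18 simulate a flood; everything else is normal load.
SAMPLES_MBPS = [42, 45, 44, 47, 43, 46, 48, 44, 45, 47, 46, 44,
                49, 52, 50, 47, 410, 455, 430, 48, 46]


def detect_bandwidth_anomalies(samples_mbps, window=12, threshold=6.0, min_mad=1.0):
    """Return the indices of samples far above the rolling baseline.

    The baseline is the median of the last `window` normal samples and the
    spread is their median absolute deviation (MAD). Both are robust to a few
    outliers, unlike mean and standard deviation. Only upward deviations are
    flagged, since a flood raises bandwidth consumption.
    """
    baseline = deque(maxlen=window)
    alerts = []
    for index, value in enumerate(samples_mbps):
        if len(baseline) == window:
            med = median(baseline)
            # min_mad stops a perfectly flat link from alerting on tiny changes.
            mad = max(median(abs(x - med) for x in baseline), min_mad)
            if (value - med) / mad > threshold:
                alerts.append(index)
                # Flagged samples are kept out of the baseline, so a sustained
                # flood keeps alerting instead of becoming the new normal.
                continue
        baseline.append(value)
    return alerts


if __name__ == "__main__":
    for index in detect_bandwidth_anomalies(SAMPLES_MBPS):
        print(f"sample {index}: {SAMPLES_MBPS[index]} Mbps exceeds baseline")
```

In practice the samples would come from flow records or interface counters, and the window and threshold would be tuned to the link's normal daily pattern.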
Self-propagating Malware & Ransomware
Self-propagating viruses have become one of the most serious cybersecurity risks in current times and have the potential to cause huge financial losses. Sometimes dubbed SPM (Self-Propagating Malware), such attacks usually spread via automated software updates on unpatched workstations, with the goal being the destruction of data rather than the extortion of money. Research on this continues, but so far the best solution is to keep all your systems patched – and of course make sure all data is fully backed up. In such situations the value of good PMIS project management software is easy to understand, since it keeps the project’s data backed up at all times.
Phishing & Vishing
We are all familiar with the term phishing, which is when emails containing malicious links are sent out to recipients by scammers who are skilled at convincing people that they are legitimate. The recipient can then be tricked into revealing information which the scammer can use to extort money in some way, either directly or indirectly. Phishing is in fact one of the oldest identified cyber-security risks and continues to affect netizens all over the world, with older populations being particularly at risk. Awareness is the best defense against phishing, and companies must train employees to recognise and flag suspicious emails while at the same time doing their best to install automated email-filtering/scanning systems that can add one layer of protection for their employees.
Vishing, another version of phishing, refers to phone calls used as the medium of contact by which a scammer gets in touch with their victims. In this case the scammer speaks to the victim on the phone and builds trust, getting them to alter settings and in some cases change their passwords, which of course leaves them vulnerable to the scammer. In this case again the only solution is to educate the general public and equip them with knowledge on how to recognise and prevent such attacks.
All that said, human error and malicious intent are, as always, the biggest risk when it comes to cyber crime, and are the hardest to defend against. For a company, its employees can be the biggest security threat, and this is especially true of project organisations which employ workers from a wide variety of locales and offices. Whether through human error or deliberate misuse, it is difficult to control cyber risks in modern projects precisely because of the increased adoption of digital project management systems. And again, the only solution is education, training, and alertness: aggressively training employees by instituting security policies, and making sure to control access to key information on the basis of strict verification and authorization.