Research + Tech

Is your company cyber resilient?

When it comes to cybersecurity, companies often focus solely on preventing potential cyberattacks. However, it is impossible to be completely protected from every threat.

In Harvard Business Review, Keri Pearlson, executive director of the research consortium Cybersecurity at MIT Sloan, Cambridge, Mass., says it is crucial companies move from a prevention mindset to a resilience mindset. Although focusing on prevention means doing all you can to keep cybercriminals out, focusing on resilience adds an additional layer as you work with the expectation that a cyberattack still can happen and invest in preparing to respond and recover when it does.

Pearlson shares the following things leaders of cyber resilient companies do differently.

• They build a culture of cybersecurity. These leaders have ensured everyone in the company—no matter their positions—play a role in helping the company be secure and resilient. They build values, attitudes and beliefs about the importance of keeping the company resilient rather than simply relying on technology-based barriers.
• They prepare responses to a cyberattack—and practice. These companies conduct exercises and drills so everyone knows what to do if an incident occurs. Leaders can stress-test processes, structures and technology so they respond more quickly. Pearlson says the most common way to test business recover plans and incident response plans is to design an exercise that simulates a cyberattack and then employ the response plan. You even could include third parties, such as suppliers, customers or consultants.
• They are “secure by design.” The concept of secure by design typically refers to the practice of thinking about security of a digital system or application at the earliest stages of the design process; however, leaders can apply the practice to their entire companies. Leaders can look for ways to design their organizations, processes and technology with consideration for security and resilience from the beginning.
• They have the right communications processes in place. When considering crisis communications, it is important to have a backup plan. For example, a company’s crisis communications plan may involve communicating via email, but if a breach occurs, email communication may be compromised and unavailable. Delays caused by an unclear or ineffective communications plan can harm the recovery process. It is important to have a crisis communications plan in place that considers various types of communication.

To help contractors address cyber liability risk, NRCA has partnered with BPM Insurance Services and Acrisure to create NRCA’s Cyber Liability Insurance Program, available at nrca.net/cyberpolicy.

SPRI to canvass TDP-1 test standard

SPRI has announced it is partnering with FM Approvals to create a new standard, “Test Standard for Comparative Adhesion Strengths of Waterproofing Membranes, Membrane Adhesives and Board Stock Materials or Other Suitable Substrates Used with Low-Slope Roofing Systems.”

The proposed standard will be canvassed for approval as an American National Standard and is based on FM Approvals’ existing small-scale test procedure for membrane adhesive and board stock or other suitable substrate evaluation. The test procedure is used to determine the maximum failure load of waterproofing membranes and board stock materials or other suitable substrates when secured with a membrane adhesive and exposed to a linear load perpendicular to the plane in which the waterproofing membrane is installed on the board stock material or other suitable substrate.

For more information, visit spri.org.

Generative AI can help prevent fraud

The construction industry is plagued by fraud and ranks in the top five median losses by industry, according to a report by the Association of Certified Fraud Examiners. The report also indicates the median loss for the construction industry is $250,000 and the median duration of a fraudulent scheme is 12 months.

Construction Executive shares the following benefits of using generative artificial intelligence to detect and prevent fraud.

Improve fraud detection and prevention accuracy and efficiency. Generative AI can generate realistic and diverse fraud-detection and -prevention scenarios based on inputs such as contracts, invoices, project specifications, receipts and reports. This can help identify and quantify potential fraud risks and indicators, as well as their patterns and anomalies. Generative AI can generate solutions such as fraud-prevention strategies, fraud-detection thresholds and fraud-response actions. This can help reduce the likelihood and effect of fraud, as well as the time and cost of fraud detection and prevention.

Enhance fraud-detection and prevention learning and innovation. Generative AI can generate novel and unexpected outputs, such as new fraud schemes, fraud-detection methods and fraud-prevention measures based on existing data. This can help expand the construction industry’s fraud-detection and -prevention knowledge base and facilitate the discovery of new opportunities.

Increase fraud-detection and prevention communication and collaboration. Generative AI can generate visualizations and narratives based on fraud data and insights. This can help stakeholders, such as project owners, contractors, suppliers, regulators and insurers, communicate and share fraud information and knowledge to facilitate better decision making and coordination.

WEB
EXCLUSIVE

• Web exclusive: Click below for more information.
• Association of Certified Fraud Examiners’ report