How Willemen Groep secured its digital construction site.
From large-scale infrastructure to complex buildings: the Willemen Groep is literally building the future. With more than 2,000 employees and hundreds of construction sites, securing all networks is at least as challenging as the projects themselves. How do you maintain control over digital access when your core business is construction, not cybersecurity?
In 2022, that challenge suddenly became tangible due to a ransomware incident. Under the motto “never waste a good crisis,” the Willemen Groep started a strategic collaboration with ACEN. The goal: a 24/7 Security Operations Center (SOC) that detects threats before they cause damage. In this way, the company made the transition from reactive recovery to proactive security.
Read all about how Willemen Groep was able to secure its digital construction site.
The challenges
A wake-up call:
In 2022, Willemen Groep was hit by a ransomware attack. Although the damage was limited, the conclusion was clear: their security roadmap (which had already been drawn up) needed to be accelerated.
The incident became the motivation to put security firmly on the agenda.
No permanent cybersecurity:
Having your own team on call 24/7?
For a company like Willemen Groep, that’s unmanageable.
The internal IT team’s focus is on Willemen Groep’s core business, not on monitoring alerts non-stop, which makes sense.
Hundreds of construction sites, each carrying risk:
With an average of 100 active construction sites and many temporary partnerships, there is a high risk of digital intrusion. Each site has its own connections and systems, so the attack surface keeps growing. Without a central overview, it was impossible to intervene in time when suspicious activity occurred.
Since the incident in 2022, I have never really felt at ease again. But knowing that a professional team like ACEN is monitoring us 24/7 provides enormous peace of mind and a much higher level of maturity.
Kenneth Claes, IT Infrastructure & Operations Manager @ Willemen Groep
The solution: SIEM, SOAR, Google SecOps
The chosen approach combines central visibility, intelligent detection, and automated response within a single integrated security model. The solution is based on three pillars:
- SIEM (Security Information and Event Management): This acts as the ‘digital nervous system’. All security signals and log data from sites and office systems are centralized and correlated here. The SIEM recognizes patterns that could indicate an attack, which would otherwise go unnoticed in the data stream.
- SOAR (Security Orchestration, Automation, and Response): Where SIEM detects, SOAR takes action. In the event of a clear threat (such as an impossible login), the platform executes automated workflows to block accounts or isolate systems. This happens in fractions of a second, without the need for human intervention.
- Managed SOC: A specialized team at ACEN monitors these systems 24/7, performs proactive analyses, and intervenes in complex incidents that fall outside the scope of the automated scripts.
This new approach offers more than just security. It helps Willemen Groep demonstrate that it meets strict security requirements in tenders and keeps cyber insurance affordable.
Security evolves so rapidly that you constantly need experts who work on it every day. By choosing a Managed Security Provider, Willemen has direct access to an entire team that takes care of everything for them 24/7.
Ken Van Hasselt, Account Manager @ ACEN