The first ever industry-specific cyber security guide has been issued by GCHQ and its National Cyber Security Centre amid growing fears of threats to fenestration and other construction SMEs.
Recent high profile cyber attacks against the construction industry illustrate how businesses of all sizes are being targeted by criminals, say the Centre’s experts: “As the industry continues to embrace and adopt new digital ways of working, it is more important than ever to understand how you might be vulnerable to cyber attacks, and what you can do to protect your business.
“Whilst we cannot guarantee protection against all the cyber threats you face, by implementing the steps described, you’ll be protected from most common cyber attacks. And should the worst happen, you’ll able to quickly recover.”
One recent victim of a major cyber attack was Safestyle which had to issue a stock market notice of ‘cyber incident’ that had caused a shut-down of all its systems https://www.the-glazine.com/?p=5139 .
The guidance, launched with the Chartered Institute of Building (CIOB), is aimed at SMEs across the industry and the wider supply chain, including manufacture, surveying, and the sale of buildings. It comes as businesses rely more on digital tools such as 3D modelling packages, GPS equipment and business management software.
Construction businesses of all sizes continue to be targets for cyber attackers due to the sensitive data they hold and high-value payments they handle.
The guide offers practical advice for each stage of construction, from design to handover, and sets out the common cyber threats the industry faces, including from spear-phishing, ransomware and supply chain attacks.
Last year, a survey by the Department for Digital, Culture, Media and Sport found more than a third of small businesses fell victim to a cyber security breach or cyber attack in the previous year, with this increasing to 65% for medium-sized businesses.
Sarah Lyons, NCSC deputy director for economy and society engagement, said:
“As construction firms adopt more digital ways of working, it’s vital to put protective measures in place to stay safe online – in the same way you’d wear a hard hat on site.
“That’s why we’ve launched the new Cyber Security for Construction Businesses guide to advise small and medium-sized businesses on how to keep their projects, data and devices secure.
“By following the recommended steps, businesses can significantly reduce their chances of falling victim to a cyber attack and build strong foundations for their overall resilience.”
Caroline Gumble, Chief Executive of the Chartered Institute of Building, said:
“The consequences of poor cyber security should not be underestimated. They can have a devastating impact on financial margins, the construction programme, business reputation, supply chain relationships, the built asset itself and, worst of all, people’s health and wellbeing. As such, managing data and digital communications channels is more important than ever.
“This guide provides a timely opportunity to focus on the risks presented by cyber crime, something that has been highlighted by CIOB for some time.”
The new guidance is split into two parts: the first aimed at helping business owners and managers understand why cyber security matters, and the second aimed at advising staff responsible for IT equipment and services within construction companies on actions to take.
The advice outlines seven steps for boosting resilience, covering topics including creating strong passwords; backing up devices; how to avoid phishing attacks; collaborating with partners and suppliers; and preparing for and responding to incidents.