GCHQ issues new guidance for construction firms to tackle cyber crime

The National Cyber Security Centre (NCSC) has recently released tailored advice and guidance specifically for construction firms, to help them combat the growing threat of cyber crime within the sector. The industry has been specifically targeted in recent years by cyber criminals, and as the nature of attacks become more sophisticated, the threat is getting bigger.

Matthew Wharton, a director of Darlington-headquartered Wharton Construction recently noted “Whilst construction companies are not alone in the fight against cyber crime, the sector has been impacted significantly by the move to new digital ways of working. This is a fragmented and disjointed industry, dealing with numerous clients, invoices, and an extensive supply chain. At the same time, it is embracing new technologies and digital ways of working which increases its exposure to cyberattacks.”

A number of high profile attacks have affected large companies within the industry including Amey, Intersect and Bam Construct. In fact, recently, the construction sector has been identified as the number one target for cyber crime. Construction companies are viewed as particularly attractive targets for cyber criminals as they hold large amounts of sensitive data and are a particular target for spear phishing attacks given the nature of their supply chains.

The guidance released by the NCSC is split into two parts, including an education piece around why cyber security is important, and a second section which outlines various practical steps that organisations can take to improve their cyber security. Guidance is targeted at small to medium sized companies, and their extended supply chain. Matthew Wharton also noted “the construction industry has not historically been a target of cybercrime and as such many SMEs are unprepared or unaware of the threat”. This reflects the fact that a growing proportion of cyber attacks are now targeting weaker links within the supply chain.

This move by the NCSC highlights once again the growing threat of cyber crime to organisations and their supply chains. Cyber criminals are now more actively targeting small and medium sized businesses, and the supply chain directly. Cyber attacks are potentially extremely costly, and can affect business relationships, and reputation as well as being extremely expensive to recover from. By taking simple, prompt, and ideally collaborative action, businesses can protect themselves effectively against a host of threats.