NCSC Issues First-Ever Cybersecurity Guidance for the Construction Industry
In the UK, the National Cyber Security Centre (NCSC) has released its first cybersecurity guidance to the construction industry, providing practical advice for firms on how to protect their businesses and building projects from cyberattackers. The guide offers details on the most common attack vectors faced by the industry, including ransomware attacks, supply chain attacks, and spear-phishing. The publication was launched as a joint effort between the NCSC and the Chartered Institute of Building, and addresses all aspects of construction from design to handover.
Some of the practices recommended in the guide include using strong passwords, avoiding phishing attacks, backing up devices, and collaborating with partners and suppliers to form an incident response protocol. The NCSC mentioned that businesses in the sector should treat cybersecurity measures as necessary as wearing a hard hat on site, as one protects workers from physical harm while the other protects companies from technological harm. Threats against the construction sector have been rising, as these companies are seen as lucrative targets due to the sensitive data they hold and the value of payments processed. In addition, these organizations are becoming increasingly dependent on digital technologies to conduct their work.