The building sector has traditionally been considered a low-risk area for cyber security threats. However, recent years have seen a rapid increase in the use of technology in building management systems, creating new vulnerabilities that can be exploited by cyber criminals.
In this blog post, we will discuss some of the key cyber security vulnerabilities in the building sector and what building company security teams and managers can do to protect themselves.
Lack of Awareness
One of the biggest cyber security vulnerabilities in the building sector is a lack of awareness. Building company security teams and managers often assume that their systems are secure, and may not be aware of the risks posed by cyber attacks. This lack of awareness can lead to complacency and a failure to implement appropriate security measures.
Internet of Things (IoT) Devices
The increasing use of IoT devices in building management systems has created a new set of vulnerabilities. These devices are often not designed with security in mind, and can be easily hacked. Cyber criminals can use IoT devices as a backdoor into a building company's networks, giving them access to sensitive data and control over sensitive and critical information.
Legacy Systems and Applications
Many building companies still use legacy systems and out-of-date applications that are no longer supported by the manufacturers. These systems are often vulnerable to cyber attacks, as they may not have been designed with modern security threats in mind. Building company security teams and managers should consider upgrading these systems to newer, more secure solutions.
Third-Party Contractors
Third-party contractors are often given access to systems in order to carry out maintenance and repairs. However, these contractors may not have the same level of security awareness as the companies employing them, and can inadvertently introduce vulnerabilities to the system.
Social Engineering
Cyber criminals often use social engineering techniques to gain access to sensitive information. They may use phishing emails, fake websites, or other methods to trick personnel into divulging passwords or other information. Companies should be aware of these tactics and take steps to protect themselves.
So, what can organisations do to protect themselves from these cyber security vulnerabilities?
Raise Awareness - Information security teams within organisations should make cyber security awareness a priority. They should educate themselves and their staff about the risks of cyber attacks and how to prevent them.
Secure IoT Devices - Company owners and managers should ensure that any IoT devices used in their systems are secure. They should use strong passwords, keep the devices up to date with security patches, and monitor them for any suspicious activity.
Upgrade Legacy Systems and Applications - Application owners should consider upgrading any legacy systems to newer, more secure solutions. This may require a significant investment, but it can help to protect the building from cyber attacks.
Vet Third-Party Contractors - Contracting managers should vet any third-party contractors that are given access to their building management systems. They should ensure that these contractors have appropriate security measures in place and are aware of the risks of cyber attacks.
Implement Social Engineering Awareness Training - Company owners and managers should implement social engineering awareness training for themselves and their staff. This can help to prevent them from falling victim to phishing emails or other social engineering tactics.
In conclusion, the building sector is not immune to cyber security threats. Company owners and managers must be aware of the risks and take appropriate steps to protect themselves and their buildings from cyber attacks.
By raising awareness, securing IoT devices, upgrading legacy systems and applications, vetting third-party contractors, and implementing social engineering awareness training, organisations can significantly reduce the risk of a cyber security breach.
Forint has recently opened a new threat monitoring capability, which provides increased visibility across the complete network, all contained within a single management portal. This allows the organisation to identify, view and remediate threats while continuing business-as-usual activity seamlessly.
If you want to find out more about how our solution can save you time and money, then please do contact us.
Contact us to see how Forint can support you with the stages of Incident Response:
PREPARATION - There can be no guarantee that you will never be attacked. Therefore, a pre-prepared plan with correctly exercised and documented activities can be created to allow the organisation to mount an effective response to an identified attack.
IDENTIFICATION - The correct tooling needs to be employed to monitor the critical assets, network infrastructure and external gateways to an organisation's data. Learn how you can finely tune your assets to maintain maximum visibility of your estate.
CONTAINMENT - Containment of the incident is paramount. The length of time an incident is allowed to run without containment can mean the difference between success and failure for your organisation.
RECOVERY - Once a cyber security incident has been contained, it is imperative that the organisation's services are returned to a workable state. See how to enhance the prioritisation and recovery of critical business assets, so that you can get back to business quickly.