Skip to main content
HeightsGlobal InsightsSpecial FeatureTips & Guides

Strengthening Defences Against Cyber Threats in the Construction Industry

By October 18, 2024#!31Fri, 25 Oct 2024 13:01:42 +0800+08:004231#31Fri, 25 Oct 2024 13:01:42 +0800+08:00-1Asia/Kuala_Lumpur3131Asia/Kuala_Lumpurx31 25pm31pm-31Fri, 25 Oct 2024 13:01:42 +0800+08:001Asia/Kuala_Lumpur3131Asia/Kuala_Lumpurx312024Fri, 25 Oct 2024 13:01:42 +08000110110pmFriday=986#!31Fri, 25 Oct 2024 13:01:42 +0800+08:00Asia/Kuala_Lumpur10#October 25th, 2024#!31Fri, 25 Oct 2024 13:01:42 +0800+08:004231#/31Fri, 25 Oct 2024 13:01:42 +0800+08:00-1Asia/Kuala_Lumpur3131Asia/Kuala_Lumpurx31#!31Fri, 25 Oct 2024 13:01:42 +0800+08:00Asia/Kuala_Lumpur10#No Comments
Strengthening Defences Against Cyber Threats in the Construction Industry

The construction industry, often underprepared for cybersecurity threats, faces increasing risks as hackers continue targeting vulnerable software systems like Foundation Accounting Software. This issue highlights a broader concern within the industry: the need for more robust cybersecurity measures.

To counter these threats, the first step is eliminating default credentials on critical accounts such as “sa” and “dba”. According to experts, this simple yet effective measure of changing these passwords to more complex and unique ones can significantly reduce the chances of a successful brute-force attack. Additionally, companies should avoid exposing their MSSQL database servers to the public internet unless absolutely necessary. If exposure is required, securing these servers with firewalls or VPNs can effectively limit unauthorised access.

Disabling dangerous features—such as XP extension, a stored procedure that allows hackers to run operating system commands from SQL queries—is another vital measure. This reduces the number of entry points that attackers can exploit once they have gained access to the system.

Cybersecurity firms, including Huntress, have observed that many of these attacks are automated, allowing hackers to target multiple companies within minutes. Therefore, investing in intrusion detection systems that monitor for suspicious behaviour, such as multiple failed login attempts, is crucial. Early detection and response can prevent more severe breaches from occurring.

While there is no direct evidence that Malaysian companies use Foundation Accounting Software, the broader lessons in securing construction-related accounting software are equally applicable. As Malaysia continues its rapid development with projects like the ECRL and MRT expansions, ensuring robust cybersecurity protections in similar software systems is not just critical, but also inclusive of the need to safeguard sensitive financial and operational data.

Related article: Hackers Target Construction Firms Through Vulnerable Accounting Software