Case Brief
A construction company was facing a growing phishing email problem. This can lead to data breaches, financial losses, operational disruptions and reputational damage. Withum’s Cyber and Information Security team stepped in and provided key information that the organization used to improve its cybersecurity posture.
The Client
The client is a U.S. family-owned and operated construction company that has been in business for over twenty years. They provide various construction services, including landscaping, architecture and masonry.
The Challenge
The construction company faced significant cybersecurity risks, including unknown vulnerabilities within its network. They were unaware of how much sensitive information about their organization could be accessible through the internet, exposing them to potential breaches. With infrastructure weaknesses and increasing phishing attacks, they needed expert support to assess and strengthen their overall cybersecurity posture.
The Approach and Solution
Recognizing the urgency of the situation, Withum partnered closely with the construction company to develop a comprehensive strategy for addressing its cybersecurity vulnerabilities. Withum’s cyber checkup was crafted specifically for this
business and its needs. Withum assisted the construction client by:
- Conducting internal and external vulnerability scans to identify weaknesses in the company’s infrastructure. Key findings were accompanied by recommendations for remediation to enhance their overall security posture.
- Performing a dark web review to assess whether any sensitive company information, including email addresses and passwords, was exposed, providing insight into possible breaches and actionable steps the construction company can take.
- Establishing a baseline of the company’s current cybersecurity posture through these scans, with critical findings highlighted for immediate client remediation to prevent future exploitation.
- Providing a security health check report summarizing the results and offering a clear roadmap for improving the client’s cybersecurity measures and protecting against external and internal threats.
The Results
Withum identified a critical vulnerability that was exposing sensitive internal information to the internet and potential malicious actors. An opening on the external firewall allowed anyone from the outside to see specific information related to users and devices on their network, which most likely contributed to the increase in targeted phishing emails they were experiencing. Withum provided the construction company with the information they needed to address this vulnerability and protect their sensitive internal information.
Withum also provided the construction client with:
- Compromised passwords on the Dark Web related to company users. This allows the construction company to educate users not to use compromised credentials and to change existing passwords if they are compromised.
- Information on other vulnerabilities on their network with what they should share with the IT provider to address those findings.
- Insight into the effectiveness of their IT company in protecting their network.
Overall, Withum’s comprehensive approach not only improved the construction company’s cybersecurity posture, but also empowered them with the knowledge and tools necessary to safeguard their operations against future threats.
Contact Us
For more information, please contact a member of our team.
