In addition, companies should know the IP addresses used by subcontractors in accessing systems. Unrecognized addresses should be automatically blocked.
Better password management is also a way to prevent a cyberattack. In general, a subcontractor's employees will share the same credentials to access a customer's systems. Those credentials are seldom changed, even when an employee leaves the company.
"That's why it's doubly important to make sure those accounts and systems have very restricted access, so you can't use that technician login to do other things on the network," Melancon said.
Every company should do a thorough review of their networks to identify every building system. "Understanding where these systems are is the first step," Rios said.
Discovery should be followed by an evaluation of the security around those systems that are on the Internet.
Sign up for CIO Asia eNewsletters.