Safeguarding Data in an Expanding Threat Landscape
Security is top of mind for the energy sector in the wake of highly publicized ransomware attacks on utilities over the past year. But the attack surface has broadened even further as energy providers have rolled out IoT devices during the pandemic.
Most utilities serve large geographical areas, and unmanned IoT devices have made it more possible to provide uninterrupted service from a more stable grid. However, as McKinsey points out, “both geographic distance and organizational complexity make the industry vulnerable to cyberattacks.”
Still, cyberthreats are not insurmountable if companies take a structured approach to security “that applies communication, organizational, and process frameworks along with technical improvements in a few areas can significantly reduce cyber-related risks for utilities,” according to McKinsey.
Common Security Concerns Presented by IoT Devices
Despite their many benefits, IoT devices can become security concerns “by giving cyber criminals access to connected networks, enabling them to steal critical corporate data and user credentials,” according to Fortinet. “Organizations therefore must understand how to secure IoT devices and recognize the top IoT vulnerabilities they face.”
Among the vulnerabilities Fortinet lists, the use of weak and recycled passwords is a common issue. Insecure networks also present a security risk: “Insecure networks make it easy for cyber criminals to exploit weaknesses in the protocols and services that run on IoT devices. Once they have exploited a network, attackers can breach confidential or sensitive data that travels between user devices and the server.”
Improper device management and failing to regularly update and patch software programs can also contribute to a breakdown of security for IoT devices. “This is because vulnerabilities can come from any layer of IoT devices. Even older vulnerabilities are still being used by cybercriminals in order to infect devices, demonstrating just how long unpatched devices can stay online,” according to Trend Micro.
How Utilities Can Better Secure IoT Devices
Minimizing the risk inherent in the use of IoT devices requires the application of some best practices, including password management, network segmentation and cloud-based solutions.
Strong passwords can help prevent many cyberattacks. Trend Micro recommends identifying password managers, who can help users create unique and strong passwords that can be stored in the app or software itself. This practice is especially necessary for IoT devices, since they have limited computational abilities and minimal space for the robust data protection and security required to defend against cyberattacks.
Network segmentation is another tool that can be employed to minimize risk. Creating independent networks for devices and guest connections can help prevent attacks from spreading and isolate individual problematic devices so they can be taken offline before causing too much damage.
Trend Micro also suggests a greater reliance on cloud computing: “The IoT and the cloud are becoming increasingly integrated. It is important to look at the security implications of each technology to the other. Cloud-based solutions can also be considered to deliver added security and processing capabilities to IoT edge devices.”