Jul 11 2023

Why Utilities Should Prioritize Identity and Access Management

Most data breaches involve compromised credentials, making IAM an essential component of cybersecurity.

The shift to hybrid and remote work has naturally led to a surge in the use of mobile devices, cloud applications and Internet of Things systems. It has also led to increased cybersecurity vulnerabilities, as far more endpoints are in operation for cybercriminals to exploit.

These vulnerabilities are a particular concern for the energy and utilities industry, which oversees some of the nation’s critical infrastructure.

A 2022 report from PwC that identified the top focus areas for energy and utilities cyber leaders highlighted the need for improved confidence in their ability to manage threats, faster response to incidents and disruptions, and increased prevention of attacks.

In 2022, the energy and utilities sector experienced a surge in cyberattacks with the highest number threats in six years. Fortunately, beefing up identity and access management can help companies in this sector weather the cybersecurity storms they face, but the time to get started with IAM is now.

After all, proactive measures are more valuable than reactive responses when it comes to defending against a cyberattack.

Click the banner to learn how your organization can increase its ransomware recovery capabilities.

Understanding the Current Energy and UtilitiesThreat Landscape

To be proactive, industry leaders need to understand what they face. In this case, that means knowing how cyberattacks are happening. Ninety-four percent of organizations have experienced a data breach at some time in their history; nearly 8 in 10 organizations experienced one in the past two years. The most frequent kinds of attack were credential theft and social engineering or phishing schemes that target employees, a common weak link in a company’s security posture.

Most breaches involve compromised credentials because these attacks work, experts say.  A cybercriminal who enters an organization’s network under the guise of an authorized user can often operate largely undetected, compromising the entire operation.

And because roughly half of organizations don’t have a policy on the security requirements of their remote workers — a third don’t even require remote workers to use any method of authentication — unsuspecting users provide easy access for cybercriminals.

Mary Ruddy
Evolve your IAM deployments to better fit the changing needs of your organization.”

Mary Ruddy Vice President and Analyst, Gartner

Better Management of Privileged Access Can Reduce Risk

It may seem simple, but multifactor authentication, limited platform access and other components of IAM go a long way toward reducing an organization’s vulnerability.

In fact, IAM solutions can reduce the risk of data breaches by as much as 50 percent, which explains why most organizations that implement them report an improvement in security posture. Given the $4.4 million average cost of a data breach, IAM is crucial.

McKinsey reports that the large attack surface of Internet of Things devices is one the primary causes of cyberattacks in the energy and utilities sector, driving to theft of customer information, fraud and disruption of service. And the IoT attack surface will only grow larger.

LEARN MORE: Find out how predictive analytics can help forecast energy needs.

A 2022 Gartner report states that a surge in the number of computing devices and their use in hybrid and multicloud environments is driving the need for smarter access.

“It is critical for security and risk management leaders to architect more flexible IAM infrastructure and for IAM teams to partner with other functions to meet changing organizational requirements,” says Mary Ruddy, vice president and analyst at Gartner, in the report.

“Evolve your IAM deployments to better fit the changing needs of your organization.”


The percentage that IAM solutions can reduce the risk of a data breach

Source: Abdalslam, Identity And Access Management (IAM) Statistics, Trends And Facts 2023, July, 2023

How Organizations Can Get Started with IAM

Deploying an effective IAM solution can provide a big boost to an organization’s cybersecurity posture. Companies should start with a comprehensive analysis to pinpoint vulnerabilities and identify potential solutions to address them.

The next steps should focus on strengthening basic security controls, including directory services, firewalls, remote access, identity governance and access management. With this completed, IT staff should work to establish the core elements of an IAM program, such as privileged account management, single sign-on and adaptive authentication.

EXPLORE: Learn about the latest technology driving the energy and utilities industry.

By following a IAM maturity model, an energy and utility company can improve its efforts over time. This may include taking advantage of automated solutions or implementing a zero-trust security approach.

Ultimately, energy and utility companies that implement an effective IAM approach can better protect their business — and the nation’s critical infrastructure — from dangerous breaches.

ArtistGNDphotography/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT