Data protection in an expanding threat landscape
Security is top of mind for the energy sector in the wake of highly publicized ransomware attacks against utilities over the past year. But the attack surface has widened even further as energy providers have launched IoT devices during the pandemic.
Most utilities serve large geographic areas, and unmanned IoT devices have made it more possible to deliver uninterrupted service from a more stable network. However, as McKinsey points out, “both geographical distance and organizational complexity make the industry vulnerable to cyberattacks.”
Still, cyber threats are not insurmountable if companies take a structured approach to security “that applies communication, organization, and process frameworks along with technical improvements in a few areas that can significantly reduce cyber-related risks to companies across the board.” utilities,” according to McKinsey.
LEARN MORE: Find out how unified endpoint management tools can improve the security of connected devices.
Common Security Concerns Presented by IoT Devices
Despite their many benefits, IoT devices can become security problems “by giving cybercriminals access to connected networks, allowing them to steal critical corporate data and user credentials.” according fortnite. “Therefore, organizations need to understand how to secure IoT devices and recognize the top IoT vulnerabilities they face.”
Among the vulnerabilities Fortinet lists, the use of weak and recycled passwords is a common problem. Insecure networks also present a security risk: “Insecure networks make it easy for cybercriminals to exploit weaknesses in the protocols and services running on IoT devices. Once they have exploited a network, attackers can then breach confidential or sensitive data traveling between user devices and the server.”
Improper device management and a lack of regular updates and patches of software programs can also contribute to the failure of IoT device security. “This is because vulnerabilities can come from any layer of IoT devices. Cybercriminals are still using older vulnerabilities to infect devices, showing how long unpatched devices can stay online,” according to Trend Micro.
READ MORE: Find out why ransomware remains a persistent threat to critical infrastructure.
How utilities can better protect IoT devices
Minimizing the risk inherent in the use of IoT devices requires the application of some best practices, including password management, network segmentation, and cloud-based solutions.
Strong passwords can help prevent many cyber attacks. Trend Micro recommends identifying password managers, which can help users create strong, unique passwords that can be stored within the application or software itself. This practice is especially necessary for IoT devices as they have limited computational capabilities and minimal room for the strong data protection and security needed to defend against cyber attacks.
network segmentation is another tool that can be used to minimize risk. Creating separate networks for guest devices and connections can help prevent the spread of attacks and isolate individual problem devices so they can go offline before too much damage is done.
Trend Micro also suggests greater confidence in Cloud Computing: “The IoT and the cloud are becoming more and more integrated. It is important to note the security implications of each technology for the other. Cloud-based solutions can also be seen as providing additional services security and processing capabilities for IoT edge devices.”