Companies operating within the industrial and energy and utilities sectors are responsible for protecting the critical infrastructure we all rely upon to live. However, these companies must also operate their businesses more effectively and efficiently to meet consumer and government expectations. To achieve these objectives, companies are leveraging new technologies, including the Internet of Things (IoT).

IoT devices cover a very broad spectrum of purpose, and companies are deploying these interconnected devices in their operations at a rapid pace. They use them to collect operational data, monitor operational technology performance, control processes at the edge, and capture consumer usage and performance. For this reason, the growth of the IoT within the industrial and energy sectors is poised to increase in the coming years, which is in line with Gartner’s prediction that there will be more than 26 billion connected devices by 2020. But along with this rapid increase in IoT devices comes a proportional increase in risk.

Internet of Threats: Securing the Internet of Things

Working with Oxford Economics, the new IBM Institute of Business Value (IBV) report, “Internet of Threats: Securing the Internet of Things for Industrial and Utility Companies,” aimed to understand how organizations protect themselves against the cybersecurity risks posed by deploying IoT technologies in their operations and factories. It also leveraged the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a common baseline to determine the capabilities needed to identify, protect, respond to and recover from IoT cyber incidents.

Oxford Economics interviewed 700 executives in 20 countries who have deployed or are in the process of deploying IoT technology in their plants and operations. Those interviewed are responsible for oversight of security and are using industrial control systems (ICS) and/or supervisory control and data acquisition (SCADA) in their operations. In total, 120 executives from the energy and utilities sector participated in the study, with 77 from power and 43 from water.

The report revealed the most common application, the most vulnerable part of deployments and the greatest cybersecurity threat perceived by the executives interviewed. Oxford Economics engaged these business leaders to share the most common type of IoT cybersecurity incident they’ve observed and what could have the highest impact to their critical business operations. They also shed light on the primary drivers for cybersecurity and how spending is aligned with IoT adoption.

What Does the Report Mean for the Energy, Environment and Utilities Sectors?

The IBM report highlighted a significant level of immaturity among many organizations when it comes to managing IoT risks. One key reason is the shortage of security professionals with the necessary knowledge to develop an effective security program for managing risks associated with the ever-changing threats within this industry. For example, energy and utilities companies are seen as targets for terrorists, nation-state actors and traditional cybercriminals due to the far-reaching impact of such attacks. As a 2017 Information Security Forum report titled “Industrial Control Systems: Securing the Systems That Control Physical Environments” stated, “In today’s modern, interconnected world, the potential impact of inadequately securing ICS can be catastrophic, with lives at stake, costs extensive and corporate reputation on the line.”

Despite these known risks, the IBV report noted how vulnerable companies still are today. As organizations invest billions to transform the way they provide their services, they must keep pace with security. The study found that, on average, these companies are spending 7 percent of their IT budgets on deploying and maintaining new IoT technologies and only 1 percent on securing IoT technologies. This is why governments are mandating more control over these environments through new regulations. Although more regulation may slow the ability to innovate and advance, it is critical to weave security into all new energy and utilities solutions to avoid a catastrophic outcome.

Addressing IoT Security Gaps

The IBV report detailed the security gaps within these industries while also providing keen insight into what security solutions companies in this sector should consider. This study is a good reference to use as a baseline for establishing a security strategy, and organizations should work with a trusted security services partner to plot a road map to help them protect their critical operations from ever-increasing threats.

Download the full report

More from Energy & Utility

The UK energy sector faces an expanding OT threat landscape

3 min read - Critical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2024.The energy sector is a favorite target for threat actors. The complexity of systems and the reliance on legacy OT systems make them easy prey. Because of the critical…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Today’s biggest threats against the energy grid

2 min read - Without the U.S. energy grid, life as we know it simply grinds to a halt. Businesses can’t serve customers. Homes don’t have power. Traffic lights no longer work. We depend on the grid operating reliably each and every day for business and personal tasks. That makes it even more crucial to defend our energy grid from modern threats. Physical threats to the energy grid Since day one, the grid has been vulnerable from a physical perspective. Storms knocking the grid…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today