A majority of energy companies are turning to the Internet of Things (IoT) to operate with greater efficiency and transparency—but more than half of these companies report that employees lack the security skills needed for combatting the security risks inherent to IoT, according to a new report from Inmarsat Enterprise.
The report surveyed senior IT decision makers from 100 large energy companies across the globe. About two-thirds (67%) of these companies identified a need to make "heavy investments" to meet physical and digital IoT security requirements. And 54% said that they need additional security skills to deploy successful IoT projects.
Security is not on the mind of many IT decision makers in the energy sector: Only 30% reported that they had given special consideration to network security as part of the development of IoT solutions, the report found. And just 38% said they have taken additional steps to protect against cyberattacks.
This is especially concerning, as a new wave of cyberattacks is expected to hit the energy sectors of the US and other nations, giving hackers the ability to "severely disrupt affected operations," according to a recent Symantec report. And the Department of Homeland Security and the Federal Bureau of Investigation recently released a joint report warning the energy and other sectors of risks of targeted advanced persistent threats.
SEE: IT leader's guide to the threat of cyberwarfare (Tech Pro Research)
These security gaps may stem from a lack of understanding of what IoT means at a board level, the report noted, making it more difficult for IoT project teams to gain security-related funding. Nearly six in 10 energy IT leaders said that their board had either a partial understanding or no understanding of IoT at all.
"IoT represents a fundamental change in the way that energy grid networks and organisations will operate," said Chuck Moseley, senior director for energy at Inmarsat Enterprise. "The core operations of energy companies have traditionally been insulated from the destructive cyber-attacks that have destabilised other industries, as they were not connected to the internet. But, with the advent of IoT, more and more parts of their infrastructure are being connected, creating new vulnerabilities and risks."
These security vulnerabilities must be addressed quickly, Moseley said in the release. Further, security measures must be driven by senior leadership within the energy business, to ensure that they do not miss out on the value that IoT can bring to the industry.
"For energy companies to thrive in this climate, IoT security needs to be at the top of the agenda and it is essential that boards raise their understanding of the risks they face," Moseley said in the release. "This involves ensuring that the fundamental network infrastructure underpinning device connectivity aligns with the highest security and reliability standards, and that the end points are configured correctly."
For more tips on how to secure your IoT devices, click here.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- Six in 10 energy IT leaders said that their board had either a partial understanding or no understanding of IoT at all. -Inmarsat Enterprise, 2017
- 54% of IT leaders at energy companies said that they need additional security skills to deploy successful IoT projects. -Inmarsat Enterprise, 2017
- 38% of IT leaders at energy companies said they have taken additional steps to protect IoT projects against cyberattacks. -Inmarsat Enterprise, 2017
- Report: 77% of companies say IoT has created 'significant' security gaps (TechRepublic)
- Enterprise IoT adoption to hit critical mass by 2019, but security remains a top concern (TechRepublic)
- Internet of Things: The Security Challenge (ZDNet)
- Here are the biggest IoT security threats facing the enterprise in 2017 (TechRepublic)
- Cybersecurity in an IoT and mobile world: The key trends (ZDNet)
- Information Security Management Fundamentals (TechRepublic Academy)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.