IDC worries over security risks in Asia Pac energy and utility organizations

Less than 10% of these companies have security policies and strategies implemented.

Although security professionals have fought hard to establish their place in organizations, the companies that they represent appear to lack the basic monitoring of security events, their frequency, nature or source. More insights are revealed in IDC Energy Insights’ report, “Business Strategy: Security Landscape in the Asia/Pacific Energy and Utility Industry”, which reveals the fundamental issues around core security initiatives among energy and utility organizations across Asia/Pacific.

With geographically distributed assets, proliferation of numerous edge devices, including smart meters, and a growing mobile workforce, attention to security has gained prominence in recent times. However, lack of experience dealing with security threats as well as limited budgets have hampered the broader and faster adoption of security policies.

It is evident that of late, IT security has gained prominence as opposed to other IT initiatives across all industries. In the energy and utility sector, development in IT security is driven by notable trends such as introduction of smart grid and smart metering solutions, global explosion of mobile devices, growing popularity of cloud computing and the rise of social media. Pressure is on organizations to ensure that their infrastructure, network and software are secured from external and internal threats.

Key findings from the survey reveal that:
75% of energy and utility organizations across Asia/Pacific (excluding Japan) or APEJ leave information security in the hands of the IT department. To safeguard against today’s highly sophisticated and organized attacks, IDC Energy Insights recommends that the responsibility of IT security should lie with a C-level security executive or equivalent whose job is to focus on security policies and not IT operations.

20% of the organizations surveyed do not align their security strategies with business objectives. This strategic move is imperative to ensure that appropriate metrics are in place for security executives to determine the effectiveness of their strategies.Only 50% of the respondents are very confident that the information held by their organization is protected from external attacks. They are slightly more confident (56%) about internal threats.

Most organizations are reactive instead of proactive in managing security risks. Although data security and access management is taking center stage, organizations need to look beyond such basic security measures and proactively look out for anomalies.

"Most companies that we have surveyed recognized the need for security management. While this is a positive sign, less than 10% of these companies have security policies and strategies implemented. In many cases, even the basic control measures are nonexistent, making adoption of the latest technologies such as cloud computing risky", says Debashis Tarafdar, Head for IDC Energy Insights Asia/Pacific. 

Photo from Oked