Why auto manufacturers need to shift cybersecurity into overdrive?

Over 250 million connected vehicles are plying the roads all over the world today. And this number is only growing.

In fact, by 2040, 1 billion connected vehicles will take on the tarmac across the globe.

As the auto industry becomes more connected, manufacturers are increasingly facing new cybersecurity threats—primarily a result of more remote ways of working and the growing ecosystem of interconnected companies with varying levels of cybersecurity expertise.?

Scaling up security for a connected automotive world ?

Amid COVID-19, most automotive companies were forced to embrace remote working—a move that saw them grappling with cybersecurity protection for their employees. Our study found that the top target for cyberattacks was the corporate organization. Phishing by cyberespionage and cybercriminal groups only further added to the risks.

?Manufacturers also need to secure customers’ and their own data from connected cars. In the last five years, there is growing evidence of hackers taking over control of connected car systems by exploiting weaknesses in the web browser—even compromising the car system so that vehicles could be unlocked, and their engines started. This can become a life-or-death matter for passengers and other drivers.

?Still, most automotive companies rely on third party vendors and partners that manufacture up to 70% of their products. And 37% of automotive companies have weaker security standards for their partners than they do for their own business.

How can automotive companies fortify connected vehicles, safeguard their operations and reputation if customer information were to leak out?

Put full confidence in zero-trust ?

Or adaptive security based on zero-trust environments! Powered by analytics, automation, granular user-access control and context-aware security access policies, adaptive security can secure the movement of data, irrespective of user (or employee) location.

?Extend cybersecurity to the wider ecosystem

?Manufacturers must make sure that all the applied security measures extend beyond their own four walls. For instance, the NotPetya malware spread from the servers of a Ukrainian software firm to some of the largest businesses worldwide, paralyzing their operations and causing an estimated US$10 billion in damages. One of the ways to avert such incidences is by making auto parts vendors and partners provide the most current Secure Sockets Layer (SSL) certificates. In fact, many leaders have managed security partners to meet these security obligations .

?Also, as shorter development cycles become the norm, automotive companies must avoid using them as an excuse for taking shortcuts in security. Here, establishing a safety-by-design culture can help. This would mean adopting Secure Development Lifecycle practices to standardize and embed security processes into all phases while maintaining efficiency.

?Make connected car systems a cyber-fortress

?41% of automotive company security breaches come from indirect attacks, or hidden attacks via their ecosystem .

?Yet, only about two-thirds of automotive companies oversee the cybersecurity practices of their technology providers, auto parts providers and dealerships. What they need is a continuous end-to-end chain of security, from the service delivery platform to mobile apps to in-vehicle telemetry. While AI and machine learning can help manufacturers detect anomalies within a car’s system, security measures like Intrusion Detection Systems powered by Vehicle Security Operations Center (VSOC) can strengthen the web of interconnected companies that build connected car systems.

However, the risk is greater with fully autonomous cars—vehicles that are full-fledged internet-enabled transportation devices. For autonomous cars, major automotive players are opting for solutions like Dynamic Authentication Vehicle Anti-Theft System (VATS) for end-end-end security. This can be enabled in three phases:

1.????Building security, with professional security services, such as security consulting, engineering, testing and training.

2.????Enabling security with security design solutions, intrusion detection & prevention solution (IDPS) and defense-in-depth vehicle protection.

3.????Managing security through a Vehicle Security Operations Center (VSOC), threat intelligence and forensics, incident response, vulnerability management and managed PKI service.

The way forward for connected automobiles

One thing is clear: basic cybersecurity protocols won’t cut it. ?

The average cost of cybercrime for an organization has increased from $1.4M to $13.0M .

?Automotive companies would do well to create a cybersecurity foundation that’s fit for an ever-evolving purpose. While investing in emerging technologies and decoupling their core architecture to allow for innovative collaboration, manufacturers must also change their cybersecurity strategy continuously.

?To stay ahead of cyberthreats, automotive companies must:

• Reassess cybersecurity using an end-to-end approach: Focus on securing data-at-rest and data-in-transit, especially customers’ personal data.
• Take a proactive stance with regulators and shared industry intelligence. Help regulators create standards that protect consumers but are also realistic for manufacturers.
• Look beyond traditional boundaries. Take responsibility for cybersecurity standards enforcement across the whole ecosystem to protect your own interests.

?Also, as software updates become increasingly critical for connected vehicles, automotive companies must comply with the provisions outlined in the UN Regulation No. 156 for Software Update and Software Update Management System (UNECE ). Over-the-air (OTA) software updates can help companies avert potential cybersecurity threats and protect sensitive customer and company data.

The future of the automotive industry will be characterized by partnerships that deliver more than any one company could deliver on its own. As cars become connected products, the need for automotive companies to invest in protecting customers, employees and business continuity is growing manifold. Those that anticipate and address cyber risks will position themselves to drive into their future more rapidly—and safely.