The risk of cyber attacks will increase in the automotive industry next year

The risk of cyber attacks will increase in the automotive industry next year

Cyber ​​attacks are becoming more common across a wide range of industries. The rise of cybercrime affects everyone, but certain sectors are more at risk than others. The automotive industry may face particularly significant threats in 2023.

In the automotive industry, attacks can affect car manufacturers, car fleets and consumers alike. Mitigating these risks will be key as more cybercriminals seek to exploit the industry’s vulnerabilities. The growing number of connected and autonomous cars is one of the most significant factors driving these risks. Attackers have more potential entry points and can cause further damage once inside the system. Sales of self-driving vehicles could reach 1 million units by 2025, and after that sales are projected to skyrocket, so these risks will increase rapidly. Car manufacturers also face risks from networked production processes. This trend has also emerged in other sectors that have embraced the convergence of IT and OT (operational technologies). A quarter of energy companies reported weekly DDoS attacks after the introduction of Industry 4.0 technologies. Their attack surface will increase as car manufacturers also implement these systems. The automotive industry is also largely unprepared for sophisticated cyber attacks. Automakers are not used to dealing with advanced IT systems, so they may not be aware of security risks and best practices. Knowing this, attackers can target them more often in the hope of making money easier. While these risks are worrisome, successful attacks are not inevitable. The industry can take a number of steps to prevent and mitigate their impact.

1. Protection of production processes

First, car manufacturers need to protect Industry 4.0 systems in production plants. The first step in traffic safety is the appointment of a dedicated safety coordinator, after which car manufacturers can deal with site-specific risks. One of the most important changes is the segmentation of networks. All IoT devices must run on separate systems from more sensitive endpoints and data to prevent lateral movement. Encrypting IoT communications and changing default passwords are also key. Manufacturers must regularly update these systems, including using updated anti-malware solutions. Limiting user access and training all employees on security best practices are also important because insider risks can be a significant threat. As threats are constantly evolving, car manufacturers must also perform regular penetration tests.

2. Protection of connected cars

Automotive security also means fixing vulnerabilities in the vehicles themselves. The US National Highway Traffic Safety Administration (NHTSA) outlines several protection methods for connected cars, including a risk-based identification and protection process for vehicle systems critical to passenger safety, and architecture to mitigate potential injuries, ensuring that so that the attack does not become dangerous. The internal systems of networked cars must resemble other business networks. Intrusion detection systems must investigate anomalies and isolate potentially affected systems. Critical systems must be able to operate independently of connected functions to work in the context of vehicles. Checking for data encryption and firmware updates is also important. Safety checks cannot depend on users, as it depends on them how dangerous the violations related to the vehicles are. For example, drivers cannot use weak passwords or refuse to install updates.

3. Defense of the Fleets

Protecting corporate vehicle fleets is another important part of automotive cyber security. Businesses and their security partners must protect their vehicle telematics systems. Telematics security starts with a more selective selection of devices and services. Businesses should investigate potential telematics providers to ensure they meet high security standards before partnering with them. They should then restrict access to these systems as much as possible. Similar to IoT systems in manufacturing processes, businesses must segment telematics networks and regularly update these devices. The automotive industry must also place higher demands on device manufacturers and incorporate more security features such as advanced encryption. Many, including automakers, do not recognize the dire need for automotive cybersecurity. Cybercriminals are targeting the industry with increasing frequency and intensity, so security standards within the industry must change. Manufacturing processes, connected cars, and telematics systems must adopt better security practices. If they don’t do so, it could cause millions of dollars in damage and even endanger human lives – warned Dylan Berger, an expert on the topic at Tripwire.Hardware, software, tests, interesting and colorful news from the world of IT by clicking here!

Leave a Comment

Your email address will not be published.