Today’s automotive industry is driven by tech, with each vehicle now employing over six times as many lines of code as a commercial jet. The sophisticated technology infrastructure needed to design, engineer, and build vehicles this complex means automotive manufacturers are an ideal target for cybercriminals. These malicious actors are constantly looking to destabilize operations and collect financial rewards through ransomware or theft, with cyber attacks predicted to cost the automotive industry $24 billion by 2023.
Vehicles are constantly capturing not only outside data such as location, weather, and traffic conditions but also driver data such as biometrics and mobile phone information. And with advancements like autonomous driving now in the not-so-distant future, points of entry for potential threats are multiplying, and malicious actors have more opportunities to target automotive companies along the entire supply chain.
The importance of the supply chain
The internal system of a vehicle contains more than 30,000 hardware components, manufactured predominantly by specialist third-party suppliers. OEMs (Original Equipment Manufacturers) often cannot scrutinize or control cybersecurity measures elsewhere along the chain, which opens their systems and data up to multiple exposure points for cybercriminals to exploit. One example of this is Toyota, which lost an unknown amount of valuable financial and customer data in 2021 after one of the company’s manufacturing partners, Auto Parts Manufacturing Mississippi, suffered a cyber attack.
Challenged with compliance
In the IT industry in general, computer and device manufacturers are not directly responsible for the cybersecurity of their products; it’s the responsibility of the enterprise to implement cybersecurity tools, and as a result, regulations and data privacy laws are enforced on the users. But in the automotive industry, OEMs are held directly accountable for failures in cybersecurity implementation.
UNECE’s WP.29 regulation was the first of its kind for automotive manufacturers, requiring vehicular cybersecurity type approval. This means that all vehicles must now be assessed and qualified before being sold, adding to an already large number of existing, enterprise-focused security regulations including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). 23% of companies in the US are actively working to comply with 11 or more privacy laws, making it a confusing and time-consuming process to meet all requirements, particularly for overstretched cybersecurity teams.
The risk of ransomware
Due to their larger attack surfaces, complex supply chains, and security teams distracted by regulatory compliance, almost half (49%) of the top 100 automotive manufacturers are highly susceptible to ransomware attacks. Ransomware attacks can shut down entire manufacturing supply chains, as was the case with Kia Motors in 2021 when the DoppelPaymer gang demanded $20 million to not leak stolen data. The attack caused weeks of IT outages, operational disruption, and financial loss. Ransomware – or any kind of cyber attack that demonstrates a lack of control over data – also erodes consumer trust, with 80% of consumers claiming they would not buy from an automotive company that has been hacked.
To protect the personal data of their customers, clients, and employees, automotive organizations need a solution that identifies and shields against both incoming and outgoing threats, securing the entire value chain. Centripetal’s solution, CleanINTERNET, shields automotive organizations from 99% of globally mapped cyber threats in real time, delivering comprehensive, actionable threat intelligence to you directly. With Centripetal’s team of cyber threat analysts working as an extension of your team, the threat of non-compliance is mitigated, and your team has more time to address mission-critical business activities. Our solution helps to create a Zero Trust environment for automotive manufacturers and suppliers, proactively preventing network infiltration and data exfiltration to secure your customers, supply chain partners, and reputation.