Losses to the tune of billions are experienced due to the rise of cyber-attacks in the automotive industry, and they are becoming progressively worse as more auto manufacturers join the autonomy space. Industry experts argue that autonomy is the future of the automotive industry, mainly because driverless cars are safer, more comfortable, and more convenient than regular cars. However, there is a downside to this technology: susceptibility to cyber-attacks. Attacks range from physical to long-range digital attacks. As we know, a new cyber-attack vector is born every time new development occurs in the tech space.
Cyber-Attacks in the Automotive Industry: Is This a New Thing?
Cyber-attacks in the automotive industry are not new. In 2015, a team of security researchers experimented on the vulnerability of autonomous vehicles by hijacking a vehicle. It was confirmed that these vehicles were not as safe as initially thought to be. From a remote location, the researchers managed to disable the brakes for a few seconds and operate the steering wheel before shutting the engine off completely. This research gave the world a glimpse of how dangerous the future of mobility can be if more cars are internet-enabled without proper cybersecurity investments.
Understanding the Depth of Cyber-Attacks in the Automotive Industry in 2021
Fast forward to 2021, the risk facing safety-critical vehicle systems is still immense. Hackers are infiltrating data centers and back-end servers, stealing pertinent user data. Car hijacking is still an issue; however, the biggest threat today is privacy infringement and identity theft in car sharing. Over 40 percent of all auto cybersecurity issues are associated in some way to back-end application servers.
According to various studies, automakers could lose approximately $1.1 billion for a single attack. Collectively, the entire automotive industry is estimated to lose up to $24 billion before 2023. Those most impacted as of today are fleet operators, Tier 1 suppliers, and car-sharing companies. There is, however, hope that by implementing multi-layered security, the transport sector can survive the onslaught of cybercriminals in the long run. One key multi-layered security approach is automotive cloud security.
Ransomware and Driverless Cars
Cybercriminals want to steal data from unsuspecting passengers and then use the data to demand ransom from their victims. They are winning in this regard due to the inter-connected and autonomous vehicles relying on the user’s data for its operation. Cybercriminals can now steal vast amounts of Personally Identifiable Information (PII) data such as a passenger’s residence, credit card information, email information, and the destinations that a person visits. They can then use that information to craft and send convincing phishing emails with attempts to steal more information or to dupe victims into opening malicious links, therefore, giving them access to the victim’s personal computer. They can either scrape valuable data or hold it for ransom until they are paid hefty recovery fees. This is a problem that cannot be fixed by abolishing inter-connected vehicles, but rather by rethinking data security in order to defeat these attackers.
Data Protection Approach
Enterprise data protection experts agree that automobile manufacturers must upgrade their data security protocols in order to stop hackers at their efforts. Basic data protection protocols such as perimeter security and intrusion detection might not be enough to keep attackers at bay. Stronger passwords will not stand against the sophisticated techniques that cybercriminals are employing when infiltrating the automotive industry. The current data breach vulnerabilities need to be addressed from the tokenization or encryption approaches – protecting the privacy of the data itself so that even when stolen, the attacker cannot use it to harass the victim.
Can VPNs Help?
Yes, VPNs can help. There are good reviews of different VPNs that prove how effective a VPN can be in keeping automotive operators safe. VPNs can safeguard a car’s engine control and electronics systems. On top of protecting connected cars from external attacks, a strong VPN will also allow car users to access the internet securely via the vehicle. Some passengers are already using a VPN to access their coworking spaces or companies’ networks.
Conclusion
Auto manufacturers must change their security approach from purely physical to embracing cybersecurity as a key component of both the development and deployment phase of their cars’ AI functionalities. Auto manufacturers cannot afford to treat security as an afterthought if they want to successfully combat cunning cybercriminals and thwart cyber-attacks in the automotive industry.
Rina Richell
Tags: AI, Automotive, Cyber-attack, Cybersecurity, data protection, Self Driving
