As vehicles become increasingly connected, and autonomous vehicle technology becomes a reality, IoT-focused cyberattacks in the transport and automotive sector are becoming alarmingly widespread. According to new research by Irdeto, 77% of respondents’ organizations in this sector have experienced an IoT-focused cyberattack in the past twelve months. Of those that experienced a cyberattack, 91% had an impact on the organization, including operational downtime and compromised customer data and/or brand or reputational damage. Perhaps most alarming, many organizations are not properly prepared for future threats with only 6% indicating that they have what they need to combat cyberattacks.
The Irdeto Global Connected Industries Cybersecurity Survey of 225 security decision makers working in transport and automotive (700 respondents in total) found that while a greater focus on cybersecurity within the industry is needed, many respondents’ organizations in this space are looking at the benefits of security beyond its protection capabilities. Of the transport organizations surveyed, 98% agree that a security solution should be an enabler of new business models, not just a cost. This clearly indicates that attitudes towards IoT security are changing for the better. This shift in mindset could lead to further innovation across this sector, resulting in new connected and autonomous business models with security built-in.
“Despite the challenges and threats outlined by this study, it’s clear that the attitude toward security in the transport industry is on the right track,” said Niels Haverkorn, General Manager, Connected Transport, Irdeto. “Through robust security, transport and automotive organizations can construct a foundation that not only realizes the benefits of fully connected and autonomous vehicles, but also enables profitable new business models. Through this approach, they will be able to balance safety, convenience and customization throughout their business and products.”
While the security mindset is on the right track, the Irdeto study suggests a distinct lack of optimism about the future security of IoT devices within organizations. Of the security decision makers surveyed in the transport industry in five countries (China, Germany, Japan, UK and US), 84% are either very or fairly concerned about the IoT devices that their organizations use or manufacture being targeted by a cyberattack, hacking incident or security breach.
Despite this concern, 94% of respondents from this sector said that they do not have everything they need to address cybersecurity challenges. In addition, 50% state they need additional expertise/skills within their organization to address all aspects of cybersecurity. This is followed closely by more effective cybersecurity tools (47%) and the implementation of a more robust cybersecurity strategy (44%).
This is compounded by the finding that, in the transport and automotive space, a total of 90% of manufacturers and 95% of users of IoT devices state that the cybersecurity of the IoT devices that they manufacture or use could be improved either to a great extent or to some extent. Failure to address these challenges could prove costly, with the average financial impact as a result of an IoT-focused cyberattack in the transport space identified as greater than $350,000 USD.
“The benefits of connectivity for today’s automobiles are clear, allowing greater mobility services to be brought to drivers; and inevitably to passengers of autonomous vehicles of the future,” said , Dr. Clifford Liem, Technology Director, Connected Transport, Irdeto. “However, the underlying understanding for all is that technology cannot be implemented safely without robust security in place. Organizations must adopt a defense-in-depth approach to cybersecurity with many layers of security being implemented throughout, rather than simply protecting systems from the outside-in. This applies to both the organization itself and to connected vehicles they develop.”
Within IoT devices themselves, a largest proportion of security decision makers working in transport organizations stated that the software of these devices is the most vulnerable element (39%), while 13% stated that the infotainment unit is where the most prominent cybersecurity vulnerabilities exist.
As organizations fight to keep pace with the cybersecurity challenges in the transport sector, they do have several security measures in place, but have often not implemented enough layers into their security strategy. 31% of security decision makers surveyed say their organizations do not currently have software protection technologies implemented, while only 50% say their organizations have mobile app protection implemented and only 44% make security part of the product design lifecycle process – which could be a huge problem if the product is a vehicle itself.