Over a third of automotive c-suite executives believe jargon and confusing cybersecurity terms are the biggest barrier faced when defending against attacks says a new report by Kaspersky.
Although cybersecurity is the top business concern, automotive industry leaders are not currently perceiving enough return on their cyber intelligence investments and struggling to prioritise action due to the confusing terminology being used to describe threats, according to research by security firm Kaspersky.
The research shows that senior automotive executives are struggling to connect the real implications of their threat intelligence to specific business operations, with almost a third (29.5%) of respondents not seeing value from their cyber intelligence investments.
This is even more critical with the emergence of software-defined vehicle architectures.
- Standard emerges to help fight threat of automotive hacks
- Renesas makes automotive SoCs hacker-proof
- Sweden opens advanced automotive cyber security centre
“Our findings suggest that, for automotive businesses to start seeing true value from their threat intelligence investments, they have to start viewing the challenge more holistically,” says Clara Wood, Automotive Research Leader at Kaspersky.
“Protecting business operations while tackling cybersecurity threats has radically changed from basic IT configurations, installing an antivirus, and following best practices, to a whole new level of complex coding, unknown threats, and continuous cyber-attacks. Good intelligence reports and timely warnings are critically important for automotive companies across the supply chain as cybercriminals increasingly turn their focus towards the automotive industry.”
Automotive cyber incidents are increasing year on year, with growing use of remote hacks, both from the web and nearby wireless. However, the challenge of defending against these attacks is being compounded by ongoing issues associated with interpreting and understanding cybersecurity jargon says Kaspersky.
- How the software defined vehicle changes hardware requirements
- The crypto challenge of software-defined vehicles
As connectivity and software-driven processes have become ubiquitous across the industry, there is a clear and present danger that failure to address this issue will mean that privacy – and even safety – is actively being compromised.
The ISO26262 functional safety standard similarly can be complex to understand but has been adopted effectively across the industry with the support of senior executives. The same approach needs to be applied for cybersecurity.
- Airbiquity integrates Kaspersky platform for secure OTA updates
- Intrusion detection becomes vital issue for vehicle security
“For a problem that touches everyone, from top to bottom in any organisation, cyber literacy is a critical component if an increasingly interconnected automotive industry is to develop a culture of cybersecurity best practice, share knowledge, and, ultimately, institute actionable intelligence with clear and quantifiable return on investment,” said Wood. “Simply put, failure to move on from tactics that rely on reactive security and risk management principles without truly understanding the risks will provide inadequate security protections, exposing organisations to unnecessary and significant cyber risk and the consequences of devastating intrusions across the entire network.”