Just one cyber hack can cost an automaker $1.1 billion
In its 2019 report, Upstream outlines a number of other trends and predictions for the coming year, which includes the rise of connected automotive cyber attacks (a 600 percent growth) over the past four years, says Dan Sahar, Vice President of Product at Upstream Security.
If you do a simple Google search for “automotive cybersecurity issues, concerns, and risks,” you’ll get a wide variety of troubling stories from which to choose.
- Automotive industry races to address cybersecurity risks
- Connected cars: The new automotive cybersecurity threat
- $60 DIY car hacking device is an inexpensive and easy way to hack cars
- Thousands of cars in UK vulnerable to security breach
Those are just a few of the headlines that you’ll see addressing the subject, which has evolved into a very real and serious concern. It’s a big problem today, and it’s only going to get worse. By 2025, there will be more than 470 million connected vehicles on the roads in Europe, China, and the U.S., according to a PWC 2017 Strategy& Digital Auto Report (https://pwc.to/2yLHcha). The most frightening for the automotive industry might be this: It will have a $24 billion problem on its hands if car companies don’t take immediate steps to protect customers from hacks.
Upstream Security, founded in 2017 and based in Herzliya, Israel, recently released its first comprehensive report that addresses the cybersecurity issue as it relates to the automotive industry. Here is one of the key findings in the company’s in-depth 2019 report: The auto industry is staring at a $24 billion problem by 2023 if it does not ramp up its efforts to confront the seriousness of cybersecurity issues. That includes cloud, network, and in-vehicle security. Over the past eight years, the number of cyber hacks has increased by 600 percent, with a record-high of 60 in 2018.
The cloud-based, smart mobility, cybersecurity provider studied the impact of more than 170 documented, smart mobility, cyber incidents reported between 2010 and 2018. Its Global Automotive Cybersecurity Report 2019 projects future trends based on that eight-year history, outlines how hackers attacked—from physical to long-range to wireless and more, and who they targeted in the smart mobility space.
According to Oded Yarkoni, Upstream Security’s head of marketing, and author of the report, with every new service or connected entity, a new attack vector is born. These attacks can be triggered from anywhere, placing both drivers and passengers at risk. Issues range from safety critical vehicle systems, to data center hacks on back-end servers, to identity theft in car sharing, and even privacy issues. The risk is immense. Just one cyber hack can cost an automaker $1.1 billion, while we are seeing that the cost for the industry as a whole could reach $24 billion by 2023.”
Increasingly, the automotive world is becoming a smart-mobility ecosystem, according to Yarkoni. Connected cars, autonomous vehicles, ride-sharing services, and aggregated transport of all kinds are adding complexity and risk at an incredible rate, he added. In its study, the company’s data is based on real-life incidents and provides an insight into who is at risk, how key stakeholders are protecting themselves, and emerging trends for this year. Key highlights and insights of the report:
While car manufacturers are an obvious target, Tier 1 suppliers, fleet operations, telematics service providers, car-sharing companies, and public and private transportation providers are facing an ever-increasing threat.
In 2018, the number of cybercriminal (what the industry calls black-hat hacker) attacks eclipsed the number of white-hat (security specialists who break into protected systems to test and assess their security) incidents. This is the first time in the history that has happened in the smart-mobility space.
42 percent of automotive cybersecurity incidents involve back-end application servers.
Two new kinds of cyber attacks are emerging through car sharing and driver exchange. These are having a measurable impact on fraud and data privacy.
These highlights and more are in the full report, available for download here or from https://bit.ly/2EgK3RI). For additional data insights about cybersecurity incidents contained in the report https://www.upstream.auto/research/automotive-cybersecurity/.
In January, Upstream announced a technology and go-to-market partnership with Arilou, a leader of in-vehicle network security for car makers. Combined, Upstream Centralized Connected Car Cybersecurity (C4) technology and Arilou Intrusion Detection and Prevention (IDPS) technology will create a fully integrated cybersecurity offering for vehicle OEMs.