Story image

Report finds automotive industry seriously wanting in cybersecurity

08 Feb 2019
Twitter
Facebook

 

Findings from a new report have laid the automotive industry’s cybersecurity practices bare after highlighting critical cybersecurity challenges and deficiencies affecting many organisations in the industry.

Synopsys and SAE International Release released the report (Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices) that is based on a global survey conducted by Ponemon Institute.

The report surveyed 593 professionals from global automotive manufacturers, suppliers, and service providers. To ensure knowledgeable responses, all respondents are involved in assessing or contributing to the security of automotive technologies, including infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and RF technologies such as Wi-Fi and Bluetooth, among others.

According to the survey, a staggering 84 percent of automotive professionals have concerns that their organisations’ cybersecurity practices are not keeping pace with evolving technoligies. Furthermore, 30 percent of organisations don’t have an established cybersecurity programme or team, while 63 percent test less than half of the automotive technology they develop for security vulnerabilities.

Further key findings from the report include:

  • More than half of respondents say their organisation doesn't allocate enough budget and human capital to cybersecurity, while 62 percent say they don't possess the necessary cybersecurity skills in product development.

  • Less than half of organisations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.

  • Only 33 percent of respondents reported that their organisations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.

  • Seventy-three percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44 percent say their organisation imposes cybersecurity requirements for products provided by upstream suppliers.

SAE International Ground Vehicle Standards director Jack Pokrzywa says the real-world data validates the concerns of cybersecurity professionals across the industry - and highlights a way forward.

"SAE members have sought to address cybersecurity challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061, the world's first automotive cybersecurity standard,” says Pokrzywa.

“Armed with the findings of the study, SAE stands ready to convene the industry and lead development of targeted security controls, technical training, standards, and best practices to improve the security, and thus the safety, of modern vehicles."

Synopsys Software Integrity Group co-general manager Andreas Kuehlmann says in trying to stay on the pulse of innovation, the industry has fallen behind on cybersecurity.

"The proliferation of software, connectivity, and other emerging technologies in the automotive industry has introduced a critical vector of risk that didn't exist before: cybersecurity," says Kuehlmann.

"This study underscores the need for a fundamental shift—one that addresses cybersecurity holistically across the systems development lifecycle and throughout the automotive supply chain. Fortunately, the technology and best practices required to address these challenges already exists, and Synopsys is poised to help the industry embrace them."

Story image
07 Nov
Worldwide spending on security products and services set to reach $151.2 billion in 2023
"Considering there have been many attempts for hackers to acquire funds from banks, the banking industry is expected to spend the most on security solutions."More
Story image
26 Nov
Black Friday alert: Financial botnets targeting e-commerce apparel sites
Black Friday is arguably the most anticipated retail sales period in the world, when brands offer consumers the largest discounts and promotional offers.More
Story image
27 Nov
Interview: Microsoft's Diana Kelley talks talent gaps and D&I
Kelley recently spoke at Microsoft Asia’s new Experience Center, where she talked through her experience as a security CTO, as well as IoT security, what’s ahead in 2020, and diversity and inclusion both in the cybersecurity sector, and in technology.More
Story image
14 Nov
NordVPN launches encryption tool, password manager to come
A free version of NordLocker is available which gives users 5GB of encrypted data, while premium users can encrypt unlimited amounts of data. More
Story image
06 Nov
Barracuda Networks integrates WAF into cloud platform
 Barracuda Networks announced a new Cloud Application Platform (CAP), which provides security, as well as a new web application firewall (WAF) as a service solution built on Microsoft Azure.More
Story image
05 Dec
Microsoft-backed security firm SpyCloud amplifies enterprise protection
Cybersecurity firm SpyCloud is an up-and-coming star in cybersecurity – and with US$21 million from Microsoft’s venture fund behind it, SpyCloud’s future is almost limitless.More