Cyber and the Motor Industry
The motor industry isn’t immune from the ever pressing threat of cybercrime. With high profile data breaches and attacks across a wide range of sectors reported extensively in the media, Government statistics reflect the risk. 81% of large and 60% of small businesses have suffered a cyber security breach in the past year – and those are the ones we know about.
Traditional security considerations for motor traders and fleet owners alike usually centre on the physical risk, from premise security to keys and anti-theft devices.
However, the data held on your computer system is a valuable asset that needs protection as the breadth of potential threats – both from internal and external sources – is wide ranging. Common examples include phishing, malware and spyware, hacking and distributed denial of service (DDOS) attack. This is concerning as the consequences can be devastating: reputational damage, business interruption and customer data theft, with potential criminal proceedings.
The increasing rate of data exchange isn’t just a risk to your business. For the industry, the pathway to automated vehicles requires an increasing level of interconnectivity and communication between vehicle control systems and the environment. This exchange makes the vehicle susceptible to risk just like any other device in the web of interconnectivity.
For cyber criminals, attacking vehicle systems means some of the most sensitive and valuable data is available. Apps and services used to pay congestion charges and tolls gives access to bank details whilst insurance and tax details could facilitate personal identity fraud. Business phones synchronised to the vehicle leaves business critical data potentially on offer and developments such as keyless entry allow physical security to be bypassed.
Furthermore, details on the location of the vehicle can also be tracked. This means that criminals are able to locate vacant premises, leaving them vulnerable to a physical attack.
Reducing the risk
There are several key measures that you can carry out to minimise the risk of cyber-attacks on your business, including:
• Conduct training – educating staff in how to securely use your systems and recognise potential breaches
• Keep systems up-to-date – securing ‘patch’ software to automatically update programs to fix security vulnerabilities and carry out regular scans
• Monitor removable media – limit access to removable media , such as memory sticks, and scan them before uploading data to your company software
• Manage and monitor IT systems and network – control the access of staff, limit the number of privileged users, monitor activity and log and analyse unusual activity
• Create a disaster recovery plan – produce and test plans to ensure your business is prepared in the event of an incident
• Establish anti-malware protection – scan for malware across the business
• Protect networks – implement network security controls to protect networks from internal and external attacks
The Government’s 10 Cyber Security Steps details how organisations can protect themselves in cyberspace. In addition, they have recently published ‘Common cyber-attacks – Reducing the impact’, explaining what to look for in a cyber-attack and how to protect your business. You can access these and further advice on their website.
What’s more, a number of cyber security schemes and services are available. Cyber Essentials is a government-backed initiative that aims to help companies protect themselves against common cyber-attacks. The scheme both identifies the security controls that businesses need to put in place and focuses on five essential mitigation strategies, in order to make sure businesses address their cyber security effectively. You can apply for certification under this scheme – it is now a mandatory requirement for certain central government contracts and is more frequently being requested as a minimum requirement in commercial tenders.
(Source: Allianz Insurance plc.)
Follow us on Twitter: @