WUOMFM

Cyber attacks on auto industry rising

Aug 4, 2015

About two-thirds of hacking attempts are made by employees and former employees. But attacks from other sources are increasing rapidly: from competitors, business partners, and hactivists.
Credit PwC

A survey of global auto manufacturers and suppliers finds a 30% increase in the number of cyber attacks between 2013 and 2014.

Rick Hanna, PwC's global automotive leader, says it's possible that some of the reported increase is simply because the companies are paying more attention, "but it's a growing risk."

About two-thirds of hacking attempts are from employees and former employees.

But an increasing number come from sources such as business partners and so-called hactivists - people who hack sites in order to call attention to vulnerabilities.

Hanna says increasingly, cyber attacks come from outside the organization.

"Business partners, third party vendors, JV partners and suppliers - people that you collaborate with.  And if your partners have an open access, then they (hackers) have access into yours as well." 

Hanna says the industry isn't taking cyber security lightly.  80% of companies reported having a cyber security strategy in 2014, compared to 74% the year before.  And 79% had a chief information security officer, compared to 68% in 2013.

Many are also shifting some of the responsibility for preventing and detecting attacks from the IT department to other departments throughout the company, including R&D and operations. 

"There's a realization that the IT group alone can't manage these risks," says Hanna.

But Hanna says many companies still are not assessing risks outside their own organization.  Only 58% have a program to do cyber risk assessments of third party suppliers.

"These hand-offs and touch points, you have to work across the supply chain," he says.

The survey was conducted before two hactivists successfully took control of a Jeep vehicle from the Internet, using a vulnerability in the vehicle's computerized navigation system.