Top 3 Cyber Threats We See in Auto Manufacturing Supply Chains
In 2021 Volvo had R&D data stolen and leaked by cyber threat group Snatch, and both Kia and the Eberspaecher stopped production after a ransomware attack. 2017 saw multiple automobile manufacturers’ operations halted due to a WannaCry ransomware attack. Before digital transformation, cybersecurity was a tech issue. Today, each cybersecurity risk is a business risk.
The Top Three Cyber Threats In the Automotive Supply Chain
The automotive industries have precious intellectual property, long supply chains, and tight production timelines. These three characteristics make auto manufacturers a valuable target for various cyber attacks. The top three cyber threats we see among automobile manufacturers include third-party data breaches, supply chain attacks, and ransomware attacks: Third-party breaches:
- Teams that are working with vendors are constantly sharing folders or drives. A single wrong click can leave a cloud drive with thousands of documents exposed. This issue only becomes more challenging to manage when data is housed within third parties beyond your organization’s visibility or control.
- Ponemon estimates that 61% of companies experienced a data breach caused by one of their third parties. Third-party data leaks fuel counterfeiting and IP theft and often lead to a supply chain attack.
Supply chain attacks:
- Often the biggest risk in your supply chain are supply chain attacks themselves. ENISA estimates that 66% of cyber attacks focus on the supplier’s code. This pattern has been observed multiple times in the case of SolarWinds and Passwordstate.
- But code is not the only sensitive information third parties can have. CybelAngel routinely locates blueprints that could expose physical assets for targeted exploitation. Such attacks leave organizations out of commission for days to weeks.
Shadow assets/Shadow IT:
- Estimates show cloud-based shadow IT is 10x larger than a company’s known cloud usage. Moreover, shadow assets are sometimes chosen for their lack of security controls as 35% of employees say they need to work around their company’s security policy to get their job done.
- From physical assets like exposed NAS drives to cloud applications, threat actors are always looking for vulnerable entry points. The explosion in cloud services has given threat actors a gold rush of opportunities to enter systems and directly or laterally access OT systems.
Taking Care Of Business
The key to defending your supply chain is to ensure each of your third-party vendors is compliant with the strictest of cybersecurity standards, whether or not regulatory requirements are enforced. The issue is that many third-party risk management tools are momentary and provide just a snapshot instead of ongoing proactive protection. Digital Risk Protection Solutions (DRPS) provide holistic detection and remediation for external digital risks. Our machine learning and best-of-breed detection abilities allow our platform to locate when and where your data is found on the internet. This focus on discovering exposed data expands visibility far beyond perimeters into third, fourth, and fifth parties. No more do teams have to choose which vendors receive ongoing monitoring. This is why Gartner named CybelAngel the “Best of Breed” DRPS solution. CybelAngel also recognizes the need for speed in dealing with digital threats. Today’s digital risk is not the same as tomorrow’s. As an answer, CybelAngel developed 24/7 monitoring for four different digital risks. Our Account Takeover, Data Breach Prevention, Dark Web Monitoring, and Asset Discovery and Monitoring can locate threats within 24 hours of exposure. This speed enables your team to remediate threats before threat actors exploit a vulnerability, exposed database, or unsecured cloud bucket.
If you want to learn more you can schedule some time with our experts to discuss how CybelAngel can help protect your company from downtime, IP theft, and supply chain attacks. If you want to learn more about the specific risks facing the automotive industry please view our webinar: Data Leaks in the Automotive Supply Chain: The Race Against Cyber Threats