The Changing Road Ahead - Cyber and the Motor Industry
The motor industry isn’t immune from the ever-pressing threat of cybercrime. With high-profile data breaches and attacks across a wide range of sectors reported extensively in the media, Government statistics reflect the risk. 81% of large and 60% of small businesses have suffered a cyber security breach in the past year - and those are the ones we know about.
Traditional security considerations for motor traders and fleet owners alike usually centre on the physical risk, from premises security to keys and anti-theft devices.
However, the data held on your computer system is a valuable asset that needs protection as the breadth of potential threats - both from internal and external sources - is wide ranging. Common examples include phishing, malware and spyware, hacking and distributed denial of service (DDoS) attacks. This is concerning as the consequences can be devastating: reputational damage, business interruption and customer data theft, with potential criminal proceedings.
The increasing rate of data exchange isn’t just a risk to your business. For the industry, the pathway to automated vehicles requires an increasing level of interconnectivity and communication between vehicle control systems and the environment. This exchange makes the vehicle susceptible to risk just like any other device in the web of connectivity.
For cyber criminals, attacking vehicle systems means some of the most sensitive and valuable data is available. Apps and services used to pay congestion charges and tolls give access to bank details, whilst insurance and tax details could facilitate personal identity fraud. Business phones synchronised to the vehicle leave business-critical data potentially on offer, and developments such as keyless entry allow physical security to be bypassed.
Furthermore, details on the location of the vehicle can also be tracked. This means that criminals are able to locate vacant premises, leaving them vulnerable to a physical attack.
There are several key measures that you can carry out to minimise the risk of cyber-attacks on your business, including:
- Conduct training - educating staff in how to securely use your systems and recognise potential breaches
- Keep systems up-to-date - securing ‘patch’ software to automatically update programs to fix security vulnerabilities and carry out regular scans
- Monitor removable media - limit access to removable media, such as memory sticks, and scan them before uploading data to your company software
- Manage and monitor IT systems and network - control the access of staff, limit the number of privileged users, monitor activity and log and analyse unusual activity
- Create a disaster recovery plan - produce and test plans to ensure your business is prepared in the event of an incident
- Protect networks - implement network security controls to protect networks from internal and external attacks
To help protect yourself from potential cyber-attacks, RMI members who are part of our exclusive insurance policy from Allianz have access to the Cyber Essentials Assessment.
This is a free online questionnaire, developed alongside IT Governance, a leading global IT security consultant. This helps to identify where you could be at risk of a cyber-attack, followed by a tailored cyber security improvement report based on the answers you provide. There is also an option to apply for official Cyber Essentials certification.
For more information, please visit or call the IGA member helpline on 0845 305 4230.
Phishing – emails and calls which target individuals, such as senior managers, to illegally obtain security information, personal and business details
Malware – software specifically designed to disrupt or damage a business’ computer system, putting a company’s operational systems at risk or enabling data to be hacked
Spyware – a type of malware installed unbeknown to the user, which covertly records private information such as keyboard strokes and browsing records
Hacking – involves unauthorised access to networks and systems, often to gain control and compromise sensitive or commercial data
DDoS – attacks use mass traffic to swamp a target’s communication links, rendering the resource unavailable to users