ensure-your-digital-transformation-is-successful

If you thought your digital transformation was going to be a slow-moving transition, think again. According to a recent research report from Information Services Group (ISG), the COVID-19 pandemic has expedited enterprise digital transformation by three to five years. Also, it’s a major trend in modern business fueling demand for technology and service providers, reports by Help Net Security.

“The pandemic has forced enterprises to explore new ways to enable remote work, manage supply and demand and remain competitive,” Prashant Kelker, partner and America’s leader, ISG Digital, told the publication. “Providers are supporting transformations that involve not just technology but a company’s entire operations and organization.”

How Can You Ensure Success for Your Organization in 2022?

Below is a summary of four Do’s and Don’ts for starting your digital transformation, according to Rajan Sethuraman, CEO of LatentView Analytics, originally published in Enterpriser Projects:

Focus on security:
With thousands of organizations transitioning to remote and hybrid office environments, many are at risk of cyber attacks. These new online environments mean that IT departments will have an even more difficult time making sure their employees aren’t falling prey to phishing and other scams. Organizations need to prioritize security with processes such as auditing employees’ remote work equipment and retraining them on IT guidelines for remote work as needed.

Don’t begin your digital transformation initiative without relying on your data:
Because your data is key to knowing where and how to start your digital transformation, it can guide you on how to make the best use of your resources and prevent bottlenecks in your workflow. 

Establish an effective, long-term hybrid work model:
With the ongoing pandemic, there is a good chance that hybrid work will become a new normal. It’s important to think about how to make your hybrid work model effective. For example, how will  your employees work together across different time zones? Also, how frequently will you require them to come to the office?

Don’t underestimate customer experience:
Digital transformation and customer experience are deeply entwined. Be sure to keep customer experience central to your transition. Consider where in the process you can enhance customer service. For example, creating a more “robust and organized database” will allow your customer service team to better respond to customers. To do this, you need deep knowledge of the customer journey. This means familiarizing yourself with every aspect of the customer experience, so you can make improvements as necessary. 

Your organization’s efforts are almost certain to face setbacks and uncertainty, especially as the pandemic continues to trigger unexpected supply chain and labor force hiccups. Staying focused on what you know while learning to navigate the unexpected will be essential to the success of your transformation.

Prepare Your Organization for Digital Transformation

Get your organization ready for digital transformation. The IEEE five-course program, Digital Transformation: Moving Toward a Digital Society, aims to foster a discussion around how digital transformation can transform various industries while also providing the background knowledge needed to smartly implement digital tools into organizations.

Contact an IEEE Account Specialist to get organizational access, or check it out for yourself on the IEEE Learning Network.

Resources

(11 January 2022). How the pandemic fueled enterprise digital transformation. Help Net Security.

Sethuraman, Rajan. (3 January 2022). Digital transformation: 4 do’s and don’ts for 2022. Enterpriser Project.

As modern vehicles grow increasingly connected, they are becoming a boon to cyber criminals in the process. According to the AV-TEST Institute, cyber attacks targeting vehicles increased to about 1.1 billion by the end of 2020. This is a significant rise compared to roughly 65 million a decade ago. 

A number of new standards, regulations, and best practices aim to help curb these attacks. Among these include 29 regulations from the United Nations Economic Commission for Europe (UNECE). In addition, there is the National Highway Traffic Safety Administration (NHTSA) best practices report. The SAE J3101 standard outlines hardware-protected security requirements for applications in ground vehicles. Moreover, the ISO/SAE 21434 standard is designed to safeguard vehicles from security risks across their lifetime. According to Security Boulevard, the new ISO/SAE 21434 standard specifies “various engineering requirements and recommendations.” It covers risk management in the concept, product development, production, operation, maintenance, and decommissioning of electrical and electronic systems in vehicles, components, and interfaces. This automotive cyber security standard is significant. It will spur automakers, suppliers, and product developers to adopt a vigorous cyber security culture.

What Will This Cultural Shift Entail?

The auto industry’s cyber security cultural evolution will consist of transformations that are both human and technical, according to Automotive World

Human:

Every employee will need a basic understanding of cyber security and techniques for reducing risks. This means that employees involved in vehicle design will have to undergo regular training. Select experts will need to oversee cyber security in various organizational divisions. Furthermore, special budgets for security will need to be developed, and new functions and features will need to undergo testing.

“Security has to be part of the thought process, but this is going to be quite a difficult transition for many organisations as it is a fairly new topic for the auto industry,” Dr. Dennis Kengo Oka, Principal Automotive Security Strategist at global software company Synopsys, told Automotive World. “This will require a cultural change to promote cyber security from the top down.”

Technical:

New technical solutions will help safeguard vehicles from cyber criminals. Additionally, there are services that help original equipment manufacturers and suppliers make more secure products. However, there will still be security challenges. For example, open-source software has saved time and money for the auto industry, but it also increases the chances of errors. These errors create doorways for hackers. For this reason, it is essential to bring in services that specialize in automating open-source software management that can help identify potential issues.

“Large automotive organisations cannot develop everything on their own, and in many cases those open-source software components are very beneficial,” said Oka. “The challenge in using open-source software is managing it; you need to know which components and versions are being used in your products and systems. Also, you must identify if there are any vulnerabilities associated with those versions.”

As hackers grow more sophisticated, so will the challenge of securing modern vehicles. By creating a sound cyber security culture across the automotive industry from the ground-up, automakers and suppliers can ensure their vehicles and products are trustworthy and safe.

Understanding Automotive Cyber Security

Prepare your organization to better comprehend the security aspects of the automotive industry. An online five-course program, Automotive Cyber Security: Protecting the Vehicular Network aims to foster the discussion on automotive cyber security solutions and requirements. This is important for both intelligent vehicles and the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Neustadter, Dana. (5 August 2021). Protecting Automotive Socs Starts With Secure Ip. Semiconductor Engineering. 

Oka, Dennis Kengo. (19 July 2021). Practical solutions for a secure automotive software development process following ISO/SAE 21434. Security Boulevard. 

Holmes, Freddie. (14 July 2021). Automakers must champion cyber security. Automotive World. 

Modern vehicles come strapped with a variety of computerized and connected components. These features can make vehicles more appealing to drivers. However, they are also risky, because they can serve as hidden doorways for cyber criminals. Currently, there simply are not enough security features in modern vehicles to keep them invulnerable. Furthermore, as vehicles become more autonomous, the threats grow.

What are the Current Threats?

A few common techniques cyber criminals use to compromise modern vehicles include:

Hacking mobile apps: Car manufacturers and app makers are transforming mobile phone apps into remote controls. While this feature provides convenience, it also inadvertently gives hackers potential entryways into drivers’ personal data. 

Malware: Cyber criminals can access unsecured Bluetooth devices and MP3 players. From there, they can use malware to hijack a vehicle. For example, a hacker could mask a virus as a music track, which lets them slip into the system as soon as the driver presses “play.”

Server break-ins: If a hacker manages to successfully penetrate a server, they could access all connected mobile apps, sales data, and controls. With this access, they can manipulate secondary vehicles connected to the server. Additionally, they may be able to access a car’s on-board diagnostic port, which they could then use to access its management system. 

Over-the-air software (OTA) updates: Hackers can tap into weaknesses in these updates to access vehicle systems, allowing them to take control of vehicles from anywhere in the world.

What are the Future Threats?

Cyber security threats don’t end with today’s connected vehicles. There is growing evidence that future autonomous vehicles, which will come equipped with a broad range of artificial intelligence (AI) features, will pose additional dangers to drivers and pedestrians.

“The increased uptake of AI technologies has further amplified this issue with the addition of complex and opaque ML [machine learning] algorithms, dedicated AI modules, and third-party pre-trained models that now become part of the supply chain,” states a recent report on the cyber security challenges in autonomous vehicles from the EU Agency for Cybersecurity (ENISA) and Joint Research Centre (JRC).

Software-defined vehicles, whose components are enabled primarily through software, pose one of the biggest cyber security challenges in the near future. These vehicles come equipped with a number of software components that require regular over-the-air (OTA) updates throughout a vehicle’s lifetime. These software components often come from a number of different suppliers, and they must be reviewed for vulnerabilities.

As such, manufacturers will need to take on complex security strategies to ensure vehicles with these components are trustworthy.

Such strategies can include:

  • Developing systems that require each OTA communication be formatted specifically within an applicable communications protocol, whether or not the source has been confirmed.
  • Establishing a protocol in which a system shuts off specific subsystems if a vehicle does not establish an OTA connection over a certain period of time, which could protect it against a potential attack. 
  • Analyzing software for threats through composition analysis, penetration testing, and periodic risk assessments. (This depends on “defense-in-depth strategies,” such as secure updates, identity access management, secure boots, and isolation-through-virtualization methods.)
  • Securing microchips in a vehicle’s electronic control units. Some methods include secure storage, tamper detection, and hardware acceleration for crypto-algorithms.

Cyber security will continue to represent a growing challenge for the automotive sector. As it does, vehicle makers will be wise to ensure their vehicles come equipped with the best security features possible. They also need to prepare for a future in which cyber security will be considered fundamental from the beginning to the end of a vehicle’s life cycle.

Focusing on Security and Safety

Prepare your organization to better comprehend the security aspects of the automotive industry. An online five-course program, Automotive Cyber Security: Protecting the Vehicular Network aims to foster the discussion on automotive cyber security solutions and requirements for both intelligent vehicles and the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Smith, Jada. 25 June 2021. Protecting the Software-Defined Vehicle. CPO Magazine. 

Stevens, Gary. (6 June 2021). Securing Computerized Vehicles from Potential Cybersecurity Threats. Trip Wire.

Hope, Alicia. (8 March 2021). EU Agency for Cybersecurity Says Autonomous Vehicles Highly Vulnerable to Various Cybersecurity Challenges. CPO Magazine.

ransomware-surges

Cyber crime is on the rise. In the U.S. alone, McDonalds, Colonial Pipeline, SolarWinds, and JBS Foods were all recently forced to pay millions due to ransomware attacks that compromised their data. Former Cisco Systems CEO John Chambers predicts an onslaught of up to 100,000 ransomware attacks this year alone, which could cost organizations an average of $170,000 USD each. 

The absence of cyber security standards contributes to the problem. Almost all organizations invest in security procedures to protect their physical property from intruders. However, the threats to digital property are just as real, with fewer organizations developing adequate protocols to safeguard these assets. It’s not hard to understand why. Cyber security technology is complex and ever-evolving, and so are the threats. Keeping up with these changes is not easy or cheap. 

Voluntary Standards Are Not Enough

Despite the growing wave of cyber attacks, the U.S. requires very few of the sixteen most vital industry sectors to meet minimum cyber security requirements. With threats increasing, 86% of the Cybersecurity 202 Network—a panel of more than 100 cybersecurity experts—said that the government should require organizations in “critical industry sectors” to meet minimum cyber security standards, according to a recent survey from the Washington Post

While officials in the past considered voluntary standards good enough, that attitude is quickly changing. The U.S. government may soon require organizations considered critical to the nation’s interest to follow a defined set of cyber security standards. According to CNBC, a recent memo from the White House warned businesses that “the threats are serious and they are increasing.” The memo highlighted a number of best practices organizations can take to protect themselves from ransomware, including backing up data, systems images, and configurations, as well as regular testing and network segmentation. 

“If a company has done proper segmentation, every time the bad guys try to cross a segment you get the opportunity to detect them before they can trigger the malware,” Michael Daniel, president and CEO of the Cyber Threat Alliance, told CNBC. “By employing this practice you make yourself more resilient against having a successful ransomware attack launched against you, and if you do have one you’re usually able to mitigate the damage and recover much more quickly. This is what gives companies a lot more options than believing they have to pay the ransomware.”

A Problem Organizations Must Manage

Because a lack of universal cyber security standards is precisely what criminals are taking advantage of, it’s vital that governments and organizations develop them soon. In the meantime, organizations must grapple with cyber crime on their own. Those with mature cyber security strategies look at it as a threat they must manage rather than a problem to solve after it happens.

“For some risk you employ technology, for some you buy insurance,” Daniel told CNBC. “The point is that a company is actively managing the risk, not just hoping that something bad doesn’t happen to them.”

Among the steps organizations can take to manage cyber security risks are developing a strategy and ensuring employees are properly trained on how to deal with potential threats. 

Cyber Security Considerations for an Effective Cyber Strategy Within Your Workforce

Ideal for technical professionals across all industries who support their company’s IT departments and require up-to-date information on how to protect enterprise networks from potential threats, Cyber Security Tools for Today’s Environment is an 11-course program designed to help businesses improve their security techniques.

Contact an IEEE Account Specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course program for yourself? Visit the IEEE Learning Network to learn more.

Resources

Hum, Thomas. (14 June 2021). Over 65,000 ransomware attacks expected in 2021: former Cisco CEO. Yahoo!finance

Caminiti, Susan. (11 June 2021). Cyber standards are key in battling ransomware attacks. CNBC.

Marks, Joseph. (11 June 2021). The Cybersecurity 202: Our expert network says it’s time for more cybersecurity regulations. Washington Post.

When it comes to personal data, individuals and governments alike are becoming more privacy conscious, and it’s not hard to see why. Cyber attacks ensnaring government and private organizations, such as those launched against SolarWinds and Colonial Pipeline, are becoming more frequent. Meanwhile, organizations are increasingly storing data in the cloud, where potential hackers have more opportunities to steal it. (Since 2020, about half of all corporate data has transitioned to cloud storage, a trend that is expected to accelerate, according to the statistics portal Statista). Furthermore, many websites and apps secretly collect users’ data. According to Pew Research, 79% of U.S. consumers say they are worried about how organizations are using their information, such as sharing it with advertisers and other third-parties without their knowledge. 

Regulators Are Taking Action

In Europe, the General Data Protection Regulation (GDPR) now dictates how governments must protect their citizens’ privacy and hands greater control of personal data over to individuals. While there is no federal law in the U.S. that protects data privacy, a number of states have begun hammering out their own laws to fill the void. As of last year, the California Consumer Privacy Act requires organizations to give Californians greater control over their personal data. In March, Virginia passed a similar law dubbed the Consumer Data Protection Act. Other states have passed similar measures. (See the full list here). 

A group of U.S. senators recently proposed a bill to protect consumer data privacy, signaling that the country may soon pass federal legislation affecting all 50 states. If passed, the Social Media Privacy Protection and Consumer Rights Act would require websites to give users greater control over their data and let them opt out of data tracking and collection. It would also require companies to list their terms of service in easy to understand language. They would also be obligated to notify users within 72 hours if their data is hacked. 

“This legislation will protect and empower consumers by allowing them to make choices about how companies use their data and inform them of how they can protect personal information,” Senator Amy Klobuchar, one of the bill’s sponsors, told The Verge in a statement

How Can Your Organization Prepare for Data Privacy Regulations?

Knowing that data privacy regulations are on the horizon, some major technology companies are already shifting their privacy models. Last month, Apple announced the release of a new option for iPhone users that lets them opt out of being tracked across apps. Only about 3% of users chose to be tracked, revealing that data privacy is valuable to a vast majority of users. Similarly, Google recently announced new privacy controls that include allowing users to erase the last fifteen minutes of their search history and reminders for mobile users that their location is being tracked. 

While data privacy laws are evolving, there are measures organizations can start taking now to prepare:

  • Make sure your organization is complying with all applicable industry regulations concerning data privacy and communicate to your users how you are doing this. 
  • Proactively communicate with your users. If there is an issue or breach affecting their data, immediately explain the problem. The explanation should include all details related to the incident, as well as any steps users need to take to resolve the issue. To provide additional reassurance, explain how your organization plans to avoid such issues going forward. 
  • Give your users greater control over their data. For example, adopting client-side encryption–where data is encrypted on the user’s device–is a way to help keep personal data private. Additionally, if your organization experiences a major security breach, the intruders will not be unable to decipher client-side encrypted data. Not only will this help protect users’ privacy, it will also maintain their trust. 

It’s no longer a question of whether data privacy laws are coming, but when. By taking steps to protect users’ privacy and giving them greater control over their data now, your organization can quickly adapt to regulations and build loyalty among users. 

Data Privacy Training for Your Organization

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

Magnuson, Beth. (29 May 2021). Data privacy vs. innovation: The new rules of the road. Venture Beat. 

Kelly, Makena. (20 May 2021). Senators roll out bipartisan data privacy bill. The Verge. 

Taylor, Josh. (19 May 2021). ‘Privacy by design’: Google to give people more power over their personal data.  The Guardian. 

Carder, James. (17 May 2021). Data Protection in a Post-COVID World: How Organizations Can Prepare For a Security-First Future. CPO Magazine.

cyber-security-strategy

As the COVID-19 pandemic continues, more and more organizations are making the switch to virtual workspaces. Because remote employees rely on their home networks and equipment to do their jobs, this digital transformation poses some hefty security risks

A new report from Randori, a security consulting company, which surveyed 400 security-decision makers, reveals how cyber security risks have grown during the COVID-19 pandemic. According to the report, three out of four security leaders saw a boost in cyber attacks. 

Leaders are struggling to take action against these threats, with 76% feeling that the attacks were unavoidable and agreeing that prioritizing what to patch has become more difficult. Additionally, although 85% said they had a good understanding of their attack surfaces (the various points within a network that a hacker can target), 48% said they are knowledgeable of less than half of their attack surfaces. 

According to Scott Ikeda, a senior correspondent for CPO Magazine, a majority of decision makers view their ability to secure their networks’ most sensitive information and minimize reputational damage to their organizations as their top priorities. However, they are unclear about how to create strategies for doing so.

“Randori believes the central problem at present is that security experts simply do not know what is exposed to cyber attacks and what the relative network security risk levels are given this flurry of fairly rapid changes,” states Ikeda in CPO Magazine. 

Six Considerations for Building An Effective Cyber Security Strategy

Leading cyber security experts told Information Age there are six ways to create an effective cyber strategy for remote, hybrid, and office-based work.

Leverage communication and teamwork:

Every department within the organization should be involved in ensuring infrastructure security. Furthermore,  there should be regular communication over email, video conferencing, and other tools on the topic.

“Once a strategy is created it needs to be communicated to the wider business, ensuring buy-in and understanding. Everyone plays a role in cyber security, especially as employees are often the weakest link in your defence against cyber crime,” said Colin Blumenthal, managing director at Complete I.T., part of Sharp, a B2B product provider.

Analyze the risks and adopt the results:

Rather than simply following compliance-related security procedures, organizations should proactively evaluate possible risks within their networks, work to understand and reduce those vulnerabilities, and figure out how to eradicate them systematically.

“Once you’ve fixed what you’ve found, iterate. Do it until you think you’ve matured your incident response. Then start conducting red team exercises to see how [your team can] respond to a real attack, and again, continue to iterate–probably, forever,” said Kevin Reed, CISO at Acronis.

Build multiple lines of defense:

In today’s age of digital transformation, one line of defense won’t be enough to secure your organization against cyber attacks. You need to consider both internal and external threats to your data. 

“Whether it’s through a firewall breach, a stolen password, or a brute-force attack, a comprehensive and therefore effective security strategy should act to also protect the interior network—limiting any data loss or damage and maintaining continuity,” said Rashid Ali, enterprise solutions manager at WALLIX.

Tighten access to critical infrastructure:

Make sure you’re covering all the security basics, whether it’s “patching, implementing regular system updates, or tightening controls over privileged accounts and administrator credentials,” said David Higgins, technical director EMEA at CyberArk. However, you also need to go beyond the basics of security, he added. “Adopting strong privileged access management is a must. This helps prevent lateral movement, contain an attack and limit damage.”

Establish security priorities based on risk and value:

“A data security strategy has to consider all data and prioritise according to the actual risk,” said Chris Waynforth, area vice-president at Imperva. Audit your data to understand exactly what risk it poses; delete high-liability data while retaining only necessary data; and monitor the data in ways that allow you to spot and avert leaks. 

Leverage technology to reduce pressure on IT staff:

Implement top-notch technologies that will reduce “the impact of cyber breaches” and make your IT employees’ jobs easier, said Ian Pratt, global head of security for personal systems at HP. 

Cyber Training Solution for Your Organization Offered by IEEE

Having the proper tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand the available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact an IEEE Account Specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course program for yourself? Visit the IEEE Learning Network to learn more.

Resources

Hurst, Aaron. (16 April 2021). Creating and rolling out an effective cyber security strategy. Information Age. 

HOW COVID-19 CHANGED SECURITY – A LOOK BACK. Randori. 

Scott Ikea. (19 March). Cybersecurity Programs Struggling To Keep up With Attack Surfaces, Risk Priorities in Pandemic Conditions. CPO Magazine.

Currently, 200 million digitally “connected vehicles” are traversing the world’s roadways, according to a recent white paper from the 5G Automotive Association (5GAA). By 2024, real-time traffic updates will be possible thanks to road infrastructure that will be digitally connected. By 2026, advanced vehicle-to-vehicle (V2V) capabilities will help bring automated vehicles another step closer to reality.

Today’s vehicles contain more software than ever before, as well as a constellation of automotive systems in their power locks, brakes, windows, entertainment, steering, and other features. Future vehicles will come equipped with advanced autonomous capabilities and driver-assistance systems (ASAD) that will make them even more complex. 

These developments are happening rapidly. According to the research firm Frost & Sullivan, over 18 million new autonomous vehicles will be road-ready by the end of the decade. However, without appropriate regulations and advanced security features, these vehicles can become easy prey for hackers. With this in mind, many governments and automakers have already begun to take cyber security seriously. 

Standards and Regulations

The United Nations Economic Commission for Europe (UNECE) is in the process of developing automotive cybersecurity regulations. Known as WP.29, the regulation would enhance cyber security and software updates in vehicles. It will be mandatory for all vehicle manufacturers in the European Union beginning July 2024. While manufacturers in Korea and Japan have agreed to comply with WP.29 within their own timelines, manufacturers in North America won’t be required to adhere to them.

Additionally, the International Organization for Standardization (ISO) is working on ISO/SAE 21434, a standard that aims to establish “cyber security by design” from the initial phase of a vehicle’s design. The organization is also working to establish ISO 24089, a standard that would regulate software updates in vehicles.

Five Top Cyber Security Threats for Automakers

In order to ensure their designs are safe from cyber security threats, vehicle manufacturers have five main concerns they will need to consider, according to Security Intelligence. These include:

  1. Complexity: Future vehicles will come equipped with interconnected architectures containing embedded telecommunications that will make them challenging to secure.
  2. Attacks on the power grid: Recently, research has demonstrated that it would be possible for hackers to disrupt the power grid or trigger a blackout by attacking multiple electric vehicles that are charging at the same time. To prevent this, standards will need to be developed that require vehicles to undergo testing and come equipped with cyber security features.
  3. Mobile devices: Increasingly, mobile phones are being used to control the various functions and features of connected vehicles such as windshield wipers, locks, and heat/air-conditioning. These devices pose a range of security threats, such as when a user inadvertently downloads malware, fails to update their operating system, or has a faulty password. If a hacker manages to take control of their phone, it wouldn’t be difficult for them to take control of the vehicle.
  4. Untrained employees: In order to ensure cybersecurity is secure across all facets of a vehicle’s design, every employee engaged in the design process must be adequately trained in cyber security.
  5. Securing financial features: Since many hackers will likely be motivated to steal financial information from drivers, special attention must be given to financial security features such as payment for fuel, tolls, and subscriptions.

Change is often difficult, but vehicle manufacturers will need to adjust to international regulations and standards in order to gain the public’s trust. By getting a head start in the process now, they can ensure their vehicles are safe when they’re ready to hit the roads.

Protecting Vehicles

As the automotive industry continues to work on intelligent and autonomous vehicles, there is a need to better comprehend the safety and security of this connected technology. Automotive Cyber Security: Protecting the Vehicular Network is a five course program that aims to foster the discussion on automotive cyber security solutions and requirements for not only intelligent vehicles, but also the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization. 

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Dhami, Indy. (2 October 2020). Top 5 Threat Vectors in Connected Cars and How to Combat Them. Security Intelligence. 

Grau, Alan. (28 September 2020). Cybersecurity is Imperative for Connected Cars. Electronic Design.

Kohler, Arndt. (24 September 2020). Automotive Cybersecurity: New Regulations in the Auto Industry. Security Intelligence. 

O’Halloran, Joe. (10 September 2020). Connected vehicle association makes call for wireless spectrum to develop use cases. ComputerWeekly.com.

While autonomous vehicles are expected to be far less prone to accidents than driver-controlled vehicles once they’ve undergone substantial training, they may pose a more serious threat. Due to the over-the-air hardware and software updates these vehicles routinely require, experts believe they have the potential to easily come under attack from hackers who can use them to wreak havoc on the road, potentially turning them into weapons.

“Hackers, for instance, could remotely interfere with a connected vehicle and disrupt safety-critical systems and functions including the engine, brakes, and steering wheel, causing the driver to lose control. On a larger scale, a hacker could enter a single vehicle and access an entire fleet, as a fleet is only secure as its least-secure vehicle,” Moshe Shlisel, CEO at GuardKnox, told Help Net Security.

This cyber security threat means autonomous vehicles will need to undergo intense security vetting. 

Three Risk Levels to Consider

To better secure autonomous vehicles, three risk levels should be taken into account:

1) Critical hardware and software components that receive over-the-air updates must have supply chains that are adequately understood and protected.
2) The vehicle’s operating system must use an interface that is secure and equipped to repel cyber security threats.
3) Vehicle operating centers need to be secure.

Currently, there are no specific regulations mandating these considerations for autonomous vehicle cyber security. The SELF DRIVE Act, U.S. legislation surrounding the safety and innovation in testing and deployment of autonomous vehicles, requires a cyber security plan only for highly automated vehicles. Additionally, the U.S. Department of Transportation has not provided specific security regulations for advanced driver-assistance systems.

In Europe, the United Nations Economic Commission has been working on cyber security regulations for autonomous vehicles in the 54 countries it oversees. Under UNECE, regulations will mandate a Certificate of Compliance for Cyber Security Management Systems.

According to Shlisel, regulations are vital to ensuring autonomous vehicles are protected from cyber security threats, especially as these vehicles grow more connected and autonomous.

“Federal lawmakers should enact legislation–with the input of cyber security experts–setting uniform safety standards across the board for these vehicles. We see the beginnings of this in the U.S., as several bills–such as the SPY Car Act and AV START Act–have been drafted surrounding connected and autonomous vehicles, but no bill has yet succeeded,” he said. 

Potential Security Risks of AV Crowdsourcing

Crowdsourcing platforms like the Japanese-based group Autoware can help speed innovation in the autonomous vehicle industry. However, information sharing within crowdsource environments, which have multiple contributors, pose potential cyber security threats. While crowdsourcing may speed solutions, it’s important to ask these questions: 

  • How will unknown contributors be validated?
  • In what ways should the contributor be trusted, especially when it comes to their competence?
  • Is the contributor actually acting as an enemy?
  • Is it smart to unveil the code to anyone who can see it, particularly those who may have bad intentions?
  • Validation will be expensive — who will pay for it?

One potential solution is to rely on smaller consortia instead of larger crowdsourcing platforms, writes Rahul Razdan for Forbes.

“It would seem that for safety critical systems smaller trusted consortia which make the active engineering trade-off between innovation velocity and validation costs makes a great deal of sense,” Razdan wrote, citing the Automotive Grade Linux as an example. “In addition, in this structure, contribution equity and consortium stability issues can be much more easily managed. When this process can reach ‘escape’ velocity in terms of the producers/consumers,  there is a potential path to a more open system.”

Understand Autonomous Vehicle Technology

Prepare your organization for the latest developments in autonomous vehicle technology. Offer training in foundational and practical applications of autonomous, connected, and intelligent vehicle technologies. Developed by leading experts in the field—including Steve Vozar, CTO and co-founder of May Mobility—the IEEE Guide to Autonomous Vehicle Technology is a seven-course online training program.

Connect with an IEEE Content Specialist today to learn more about purchasing the program for your organization.

Interested in purchasing the program just for yourself? Access it through the IEEE Learning Network.

Resources

Razdan, Rahul. (9 May 2020). Open Source And Automotive Safety Critical Systems: What Are The Tradeoffs? Forbes.

Razdan, Rahul. (2 May 2020). Tesla Decepticons ? Is Automotive CyberSecurity A National Defense Issue? Forbes.

Zora, Mirko. (15 April 2020). Are we doing enough to protect connected cars? Help Net Security.

The Centre for Strategic and International Studies recently conducted a survey of IT managers and discovered that 82% of employers believe they lack cyber security skills in their organization. Out of those surveyed, 71% feel that this under preparedness causes harm to their organizations. Leveraging the latest technology might help reduce this damage. However, making sure employees understand how to protect sensitive information is key to closing the cyber security skills gap. After all, cyber security breaches can affect the company as a whole–from the company’s supply chain to the customer.

Cyber Security Shifts

As the world becomes more digital, the risk of cyber attacks increases. Organizations need to remain alert in order to avoid data breaches, distributed denial-of-service (DDoS) attacks, and ransomware. Many companies also view cyber security as a competitive advantage as consumers grow more aware of the threats their private information is facing. People want to protect their personal data, so it is crucial for organizations to make their customers feel secure when giving their information.

According to Gartner, spending on security products and services will increase to $124 billion in 2019, which is 8.7% higher than spending in the year prior. The more a company invests in cyber security, the more trustworthy they generally become in the eyes of consumers. As cyber attacks become more frequent, the demand for companies to be able to resist these attacks increases–as does the need for employees properly versed in cyber security best practices.

Cyber Security Talent Shortage

What can a company do if they currently do not have strong cyber security mechanisms in place?

  • Grow internally. Companies can improve cyber security by hiring experts or buying software to improve the company’s system. While this approach may be more difficult because of budgeting, it is often an easy way for a company to make progress more quickly toward closing their cyber security skills gap.
  • Educate. Cyber security is a team effort. All employees should be involved and educated on reducing infiltration and data breaches. The education of employees must be comprehensive and refreshed as new cyber threats are created. It is vital that companies make sure their employees are knowledgeable in how to protect the data.

A cyber attack can cost an organization up to $13 million USD. Training and education is a smart investment that requires company-wide engagement.

Improving Cyber Security at Your Organization

Having the right tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand the available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact a specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

 

Resources

Smerdon, Sandra. (21 January 2020). How business leaders can close their cyber security skills gap. World Economic Forum.

cloud-security-storage-risks-cyber-attacks

Cloud security threats come in many different forms including data breaches, hijacked accounts, data loss, denial of service, and system vulnerabilities. As organizations and individuals continue to adopt the cloud, securing all of the stored information is a top priority. Companies must be aware of the risks and solutions in order to prevent serious damage.

Security Risks to Cloud Data

Data Breaches

Any data stored in the cloud is at risk for cyber-attack. From phishing to security scams, hackers are constantly developing new ways of gaining access to sensitive information. This type of attack can damage a company’s reputation and affect its market position. Furthermore, it can also lead to legal issues if customers’ personal information was released.

Access Management

Without multi-factor authentication and strong passwords, cyber criminals can easily gain access to accounts. Once they’ve hacked into one account, unauthorized users can access private information. Depending on the hacked account’s permissions, bad actors could cause a sizable data breach.

Insecure interfaces

Because your company’s API and UI are exposed to the public, having strict authentication can help ensure that cyber criminals cannot gain access. However, inadequate security leaves your interfaces vulnerable to attack. Possible consequences include jeopardized confidentiality, accountability, integrity, and availability.

Data Loss

Although many cloud providers heavily focus on security, not all attacks can be prevented. Should hackers gain access to your system, it’s possible that they could erase all of your data with the intention of ransoming it. If no backup storage is in place, your organization could face a permanent loss of data.

Hijacking

Account hijacking is a form of identity theft that involves cyber criminals using stolen information in their attacks. When this occurs, your organization can lose control of its account, data, functions, business logic, and any other dependable applications on the account. A breach of this form should be taken very seriously. It can lead to large data leaks and damage to the company’s reputation.

Insiders

While outside hackers may be the first party that comes to mind, they are not the only threat to your cloud’s security. Current or former employees also pose a risk. Because they already have access to the company’s sensitive information, a malicious insider could expose or sell proprietary information. To minimize the risk of an internal attack, it’s vital to ensure user permissions are kept up to date based on employment status.

Best Practices for Cloud Security

As more people store their information in the cloud, the risk of cyber attacks increases. With a larger pool of potential targets, bad actors are furthered incentivized to develop new schemes. Despite this, the cloud is still a worthwhile storage option.

Steps you should take to secure your information include:

  • Encrypting data
  • Using two-factor authentication
  • Understanding open API frameworks
  • Making sure everyone uses hard-to-crack passwords
  • Restricting accessibility to sensitive information

Protect your business

Having the right tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand the available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact a specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

 

Resources

Nailwal, Mukesh. (14 October 2019). CLOUD SECURITY BASICS: HOW TO ENSURE THAT YOUR DATA IS SAFE. Techgenix.

Soni, Rakesh. (11 October 2019). The Rise of Cloud Computing Threats: How to protect your cloud customers from security risks. Customer Think.