The automotive industry is currently undergoing one of the biggest technological transformations of any field. The advent of autonomous driving and increased connectivity is changing how automakers, automotive parts manufacturers, and supply chains operate, creating new, constantly evolving business models. Connected car computer systems also mean more data collected and processed, bringing higher risks of cyberattacks.

According to Upstream Security’s 2021 Global Automotive Cybersecurity Report, over 200 automotive cyber incidents were publicly reported in 2020. In response to this growing cyber threat landscape, the United Nations Economic Commission for Europe (UNECE) published regulations that require manufacturers to provide evidence of a certified Cyber Security Management System (CSMS) and a Software Update Management System (SUMS). Starting in 2022, any new car will need to receive these two certifications before it is approved for use on the road, and original equipment manufacturers (OEMs) will not be able to sell vehicles without them.

Today, automakers are organized into different groups, each focused on manufacturing different car parts. For cybersecurity to be effective, it needs to be a fundamental characteristic of each product across a vehicle’s entire lifecycle and the support systems behind the manufacturing and business processes. As such, automakers have begun implementing strict cybersecurity requirements for any company wishing to be part of their supply chain.

The importance of data security for automotive parts makers

Automotive organizations worldwide have begun adopting their own cybersecurity guidelines and compliance regulations to ensure cybersecurity requirements are met. For example, Germany’s automotive group Verband der Automobilindustrie (VDA) developed an Information Security Assessment (ISA) based on existing international standards ISO/IEC 27001 and 27002. All auto parts manufacturers, OEMs, partners, and companies that are part of the automotive supply chain, whether they are based in Germany or not, must submit to a Trusted Information Security Assessment Exchange (TISAX) assessment to prove ISA compliance.

The rise of data protection legislation around the world has also meant that auto parts manufacturers have had to ensure compliance with regulations such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to protect the personally identifiable information (PII) they collect and process from employees and customers.

Another key consideration for auto parts makers is the security of intellectual property (IP), such as product designs, source code, patents, and blueprints. The confidentiality of such information is essential for companies to maintain their market advantage and the trust of partners and customers.

Protecting sensitive data from internal threats

To effectively protect sensitive data, automotive parts manufacturers need to understand that security threats do not only come from the outside. Traditional cybersecurity strategies tend to take a castle-and-moat approach that focuses on blocking outsiders from accessing data inside the company network. But while this approach can help protect data from potential external threats, it does not address another big root cause of data breaches: insiders with privileged access to sensitive data.

Whether through malicious intent or negligence, employees themselves constitute one of the biggest data security risks companies face. Therefore, auto parts manufacturers need to ensure they can effectively protect sensitive data such as PII and intellectual property from internal threats without significantly impacting employee productivity.

Companies can use Data Loss Prevention (DLP) solutions to protect sensitive data directly. DLP tools identify, monitor, and control the movement of sensitive data across company networks, using predefined profiles for PII and intellectual property while also allowing manufacturers to create their own definitions to suit their business needs.

Auto parts makers can prevent files containing sensitive data from being transferred via insecure channels such as messaging apps, personal email addresses, or cloud and file-sharing services by using DLP solutions. With attempted transfers logged and reported, organizations can easily identify potential data leaks and insiders.

DLP solutions such as Endpoint Protector can also search entire company networks for sensitive data stored locally. Storing sensitive data in this way can directly contravene data protection legislation requirements and customer non-disclosure agreements. By scanning, identifying, and applying remediation actions such as deletion and encryption, manufacturers can ensure that no files containing sensitive information are stored in unauthorized locations.

Limiting the use of removable devices

Another common exit point for data is removable devices. USBs, in particular, are easy to lose, forget and steal, making them one of the biggest data security blind spots companies need to address. To mitigate this threat, automotive parts makers have the option of using USB blockers that eliminate the use of USB and peripheral ports, effectively preventing employees from using removable devices.

However, blocking the use of removable devices may make it difficult for employees to perform their duties efficiently. Auto parts manufacturers can use DLP tools with device control features to manage and limit the use of removable devices to users that need them in their daily tasks or depending on their level of access to sensitive data. Admins can set different rights based on groups, departments, individuals, or particular computers. They can also limit the use of removable devices to trusted company-issued devices with a high level of security.

Device control features also make it easy for manufacturers to track which employee is copying sensitive data, when, and to which device. In this way, companies can identify potential exit points for sensitive data and malicious insiders looking to steal data.

Securing collaboration tools

Collaboration tools are widely used by employees in the automotive industry to keep track of their daily tasks, boost their productivity, and communicate with each other. And while they have proven very useful tools in the modern work environment, they also encourage sensitive data sharing, which can pose a security risk.

Whether adopted through official channels by companies directly or used unknowingly by employees, collaboration tools do not always meet the high security standards required within an auto parts manufacturer’s network and may result in data being leaked or made available to unauthorized parties. DLP solutions can control the movement of sensitive data across popular collaboration tools such as Microsoft Teams, Zoom, Slack, and Skype, restricting its use and transfer.

Resource: Data Security Considerations for the Automotive Parts Industry | Endpoint Protector