Hackers Target Third-Party Suppliers in Automakers' Supply Chains
Hackers Target Third-Party Suppliers in Automakers' Supply Chains
According to VicOne's "VicOne Automotive Cyberthreat Landscape Report 2023," 90% of cyber attacks targeting automotive manufacturers are not directed at original equipment manufacturers (OEMs) themselves, but rather at other companies in their supply chains.
\nThis trend indicates that third-party suppliers — including logistics providers, service providers, and companies manufacturing components, accessories, or parts — have become an increasing focus of cyber attacks. One reason for the rising attacks is the growing complexity of vehicles and the integration of connectivity, automation, and advanced driver assistance systems (ADAS).
\nMost security vulnerabilities were found in chips or systems (SoCs), third-party management applications, and in-vehicle infotainment (IVI) systems. According to the report, one challenge in preventing cyber attacks is the existing regulatory gap concerning vehicle data. However, VicOne noted that the United Nations cybersecurity policy UN R155, which sets security requirements for newly manufactured vehicles beginning in July 2024, will be implemented.
\nMeanwhile, the automotive industry continues to suffer losses from cyber attacks such as ransomware and the disclosure of leaked data or personally identifiable information (PII).
\nThe report notes that more than 90% of cyber attacks target organizations other than OEMs within the supply chain, and attackers target less cautious firms because they struggle to compromise well-protected companies. This situation also impacts OEMs due to supply chain disruptions. Consequently, defending systems against cyber attacks is no longer just about protecting an individual company; it is about fortifying the entire supply chain.
\n