To co-incidence with cyber security awareness month, Gary Higham warns that cyber crime is an ever-evolving threat and that the automotive industry is not immune.
The sensitive customer data held by car dealerships makes them a target for cyber attacks and fraud and criminals are looking to exploit any potential vulnerabilities in their comms and IT systems.
Businesses need to understand the risks and what form attacks or fraudulent activity might take, so they can implement steps to mitigate them.
Identifying risk in the automotive sector
Criminals often target the automotive sector to steal identities, acquire sensitive data and intercept payments. The number of customer access points – phone, email, online – increases the opportunities for attacks and fraud.
There is also a multiplier of risk in the automotive industry created by the number of stakeholders that work together, including the consumer (vehicle buyer/seller), broker, finance provider and dealership.
Exploiting weaknesses
Random attacks often come in the form of malicious attachments which are used to extract customer logins. But there are also sophisticated, targeted methods where criminals are looking for chinks in the armour.
Vulnerabilities in a business’s partner and provider network such as their payroll or HR systems, can provide a way in. Hackers test these by submitting a fake application or purchase request to see if and where security measures exist, and how effective they are.
Most of these methods are carefully constructed to look as though they come from a genuine, trusted source and, to an untrained eye, can be very hard to detect. Criminals are prepared to put in the time and effort to understand a business’s processes by creating a fake identity or bank statement, for example.
Even the vehicle that they have shared selfies with might not be real.
The role of AI
AI is helping criminals create these false identities and is a significant factor in the increase in crime we’re seeing in the industry. At the same time, however, data and AI are helping firms detect and prevent fraud.
Businesses can use AI in the form of machine learning to recognise patterns and detect anomalies in fraudulent activity and the documents that criminals create.
By using predictive analytics, an AI-based system can anticipate customer behaviour and signal the need for further authentication. The speed at which AI can do this is crucial in stopping the attempt.
Open banking has also improved the safe sharing of bank statements. With the customer’s consent, regulated businesses can access financial data directly from their bank. The direct nature of this information sharing avoids the possibility of potentially fraudulent bank statements coming into play.
What businesses can do?
Here are four basic steps businesses need to take to protect themselves against cyber criminals.
- Training programmes for all employees: Employees are a known weak point in an organisation’s security, so regular training and awareness are as fundamental as authentication technology: e.g. new threats; what to avoid; best practice; using passwords.
- Update security technology: Email is the most convenient and popular means of communication and information sharing among customers. But it’s also the highest risk, so it’s important to add another layer of security. Multi-factor authentication helps keep systems more secure. AI-driven document verification will help ensure paperwork submitted by customers is the real item and can minimise risk. AI is also able to raise the alarm if the same face is appearing on documents with a different name, or if a face is subject to an unusually high number of requests.
- Industry collaboration: Organisations need to work together to share intelligence and stay one step ahead of the criminals. Creating an ‘industry neighbourhood watch’ to share information with partners and suppliers on common issues and threats can ensure that everyone is aware of new and prevalent attacks or vulnerabilities.
- Keep up to date: It’s useful to bear in mind that criminals are always one step ahead, and it’s important not to get complacent. Schedule regular security audits and software updates to keep up with new hacks devised by cybercriminals.
Maintaining focus
The effects of cybercrime can be crippling for businesses – the financial loss is a real sting and it’s difficult to operate normally while systems are under attack. The longer-term impact on customer trust is particularly detrimental.
Criminals will keep stress testing your defences but, by maintaining a focus on security, you do not have to be the weakest link in the automotive ecosystem, and customers will trust that their sensitive data and finances are protected.
Gary Higham is CTO at Zuto