Upstream Security Releases 2020 Automotive Cybersecurity Report and Announces First Automotive Threat Intelligence Service
HERZLIYA, Israel, Dec. 18, 2019 /PRNewswire/ -- Upstream Security, a leading provider of cloud-based automotive cybersecurity solutions, today released its 2020 Automotive Cybersecurity Report. The report shares in-depth insights and statistics gleaned from analyzing 367 publicly reported automotive cyber incidents spanning the past decade, highlighting vulnerabilities and insights identified during 2019.
The company also announced the general availability of AutoThreat Intelligence, its automotive threat intelligence subscription service providing comprehensive and actionable insights to threats on automotive and smart mobility services. The new service will be an integral part of the Upstream Automotive Cybersecurity, enabling analysts to leverage the feed directly within Upstream's C4 platform, providing domain expertise specific to automotive manufacturers, smart mobility and connected vehicle service providers. AutoThreat(TM) Intelligence can be enabled with any Upstream Security deployment or as a standalone service, adding no overhead to the customer operations with periodic updates and a rich set of reports, trends, and critical insights on the connected vehicle environment.
"With the rapid rise of attacks on the automotive industry, OEMs and smart mobility providers need extensive visibility and clarity into the threat landscape, helping them design the proper security architecture spanning their vehicles and cloud environments," said Oded Yarkoni, Upstream Security's VP of Marketing. "Our annual automotive cybersecurity report shows that the threats faced by the entire industry are real and increasingly more prevalent. The launch of our AutoThreat Intelligence service provides OEMs, connected fleets, smart mobility service providers, and MSSPs targeted insights so that they can take needed measures to protect themselves, their assets, and their customers."
Upstream's 2020 Automotive Cybersecurity Report introduces some of the key findings of the AutoThreat Intelligence research team for 2019 as well as solutions used by the industry going forward:
-- Connected vehicles are already taking over: 330 million vehicles are
already connected, and top car brands in the US market have stated that
only connected vehicles will be sold by 2020. This fact alone
exponentially increases the potential damage of each attack. A
wide-scale attack could potentially disrupt an entire city and even lead
to catastrophic loss of lives.
-- The number of automotive cybersecurity incidents has increased
dramatically: Since 2016, the number of annual incidents has increased
by 605%, with incidents more than doubling in the last year alone.
-- Most incidents are carried out by criminals: 57% of incidents in 2019
were carried out by cybercriminals (black hat) to disrupt businesses,
steal property, and demanding ransom. Only 38% were the result of
researchers (white hat) with the goal of warning companies and consumers
of discovered vulnerabilities.
-- A third of all incidents involved keyless entry attacks: The top three
attack vectors over the past ten years were keyless entry systems (30%),
backend servers (27%), and mobile apps (13%).
-- Everyone is affected, from automotive companies to consumers: over the
past ten years, every type of company in the smart mobility system was
affected. This includes OEMs, fleets, telematics, and after-market
service providers, and ride-sharing services along with consumers who
have had their property and private information were stolen.
-- A third of incidents resulted in car theft and break-ins: The top three
impacts of incidents over the past ten years were car thefts/break-ins
(31%), control over car systems (27%), and data/privacy breaches (23%).
-- The vast majority of incidents in 2019 involved remote attacks: 82% of
incidents in 2019 involved short and long-range remote attacks, which do
not require physical access to the vehicle and can be carried out from
anywhere in the world.
-- Awareness is increasing: More automotive vulnerabilities are being
listed, with 66 CVEs (common vulnerabilities and exposures) listed to
date. The use of bug bounty programs, which has been popular in
enterprise infosec, is on the rise as more automotive companies adopt it
as a way to discover vulnerabilities. These programs offer compensation
to researchers (white hat hackers) who discover and report
vulnerabilities to the owner company. Additionally, government officials
and consumers are demanding regulations and laws to protect them against
cybercrime in the automotive space.
-- The industry is adopting a multilayered security approach: This involves
new regulations and standards, security by design, in-vehicle and
cloud-based automotive cybersecurity solutions, and expanding SOCs to
VSOCs (Vehicle Security Operations Centers) for early detection and
rapid remediation.
A full copy of the report is available for download at Upstream Security website.
About Upstream Security
Upstream Security is the first cloud-based cybersecurity solution purpose-built for protecting connected vehicles and smart mobility services from cyber-threats and misuse. Upstream's C4 platform leverages existing automotive data feeds to detect threats in real time and delivers cybersecurity insights supported by AutoThreat Intelligence, the first automotive cybersecurity threat feed in the industry. Upstream Security is privately funded by Renault Venture Capital, Volvo Group, Hyundai, Nationwide Insurance, CRV, Glilot Capital Partners and Maniv Mobility.
For more information, visit www.upstream.auto or follow us on: LinkedIn, Twitter, Facebook, YouTube.
View original content:http://www.prnewswire.com/news-releases/upstream-security-releases-2020-automotive-cybersecurity-report-and-announces-first-automotive-threat-intelligence-service-300976874.html
SOURCE Upstream Security
