Tech News and Analysis

DR Technology

Automakers Need to Lock Their Doors Against Ransomware

Issues with patch management and other security practices leave auto manufacturers open to attacks.

Nearly half of the top 100 automobile manufacturers are "highly susceptible" to ransomware, according to a recent report by Black Kite.

"The Ransomware Risk: Automotive Manufacturing in 2021" report grades the performance of the top 100 auto manufacturers (and their top 100 suppliers) on various aspects of security preparedness. The group earned an overall C+ rating, indicating they were not very well prepared to fend off ransomware. The above heat map shows where the holes are.

As you might expect from a consumer-focused industry, automakers rated well for the security of their social network presence (92 As, 6 Bs, 1 C, and 1 D), brand monitoring (90 As, 10 Bs), and hacktivist shares (90 As, 9 Bs, 1 C). In addition, the sector overall did quite well in monitoring their attack surface (80 As, 20 Bs) and addressing fraudulent apps (80 As, 8 Bs, 10 Cs, 2 Ds). The companies also were well prepared for distributed denial-of-service attacks (35 As, 57 Bs, 8 Cs), and they generally kept their DNS health tuned up (51 As, 40 Bs, 8 Cs, 1 F).

Under the hood, however, four vital areas saw more than half of the companies earning Ds or Fs: content-delivery network security (53 Ds, 18 Fs), SSL/TLS strength (56 Ds, 14 Fs), application security (16 Ds, 49 Fs), and of course that pervasive vexation, patch management (6 Ds, 60 Fs). By now the vital importance of patching software has been thoroughly established, so hopefully next year's numbers will be better.

View the full automotive sector report from Black Kite.