Why your IT department won’t help you in the next cyber attack

Aug. 23, 2017
The problem is in process and procedures. Cybersecurity defensive technologies are well built and evolving rapidly. However, these technologies will only help against actual brute force hacking type attacks. They will not save you from your own company’s missteps.

When the latest CIA cybersecurity breach was announced recently, people assumed that the hackers must be good. They broke into the CIA, the most sophisticated intelligence organization in the world. There are visions of wily hackers ensconced in some faraway land figuring out the latest code and encryption-breaking schemes to crack into the CIA’s super-secret network.

The real story is very different and gives us a look into what we need to be concerned about in the automotive aftermarket industry.

The CIA breach was from a section of the CIA called Vault 7 and contained sensitive data. This data was stored in what is called an isolated facility, which means there was no network connection to the outside world. Vault 7 was not on the internet, so a hacker could work on this problem all he wanted but could not get to something he could not connect to. So essentially this information came from an insider who was able to steal it and leak it to WikiLeaks.

This provides a clue to what is wrong with the dependence on IT departments to protect you from a cyber attack. It’s important to note that if this happened to the CIA, your company is certainly vulnerable.

It’s difficult for IT departments to stop an employee from stealing sensitive documents. No corporate IT technician is going to be able to prevent an employee from mishandling sensitive data, or shouting a password across a cubicle to a coworker. This type of thing happens all the time.

Another problem is when an employee takes a corporate laptop with sensitive company information to the local coffee shop and connects to an open Wi-Fi network where an opportunistic hacker can steal their information. Once again, your corporate IT department cannot prevent this.

Where is the problem?

The problem is in process and procedures. Cybersecurity defensive technologies are very well built and evolving rapidly every day. However, these types of technologies will only help against actual brute force hacking type attacks. They will not save you from your own company’s missteps. And that is where the problem lies.

Say that your IT security person recognizes this problem and goes to the accounting department and says, “I want you to handle sensitive documents in a certain manner prescribed by a written set of rules to keep them secure.” The accounting department will have no authority to get this done, and hardly the inclination.

That leads us to the next problem. Company management needs to be involved at the strategy and policy level to accomplish these goals. Management at the executive level needs to show their seriousness about cybercrime and enforce these policies.

In a bank, there is a basic rule that you never leave without counting your cash drawer. Seems simple, doesn’t it? I can assure you that the bank has corporate policies spelling this out. That is because banks learned a long time ago how to keep their money safe and secure. In the cybersecurity realm, we are still learning how to keep our data safe.

The consequences

There are many scare stories in the cybersecurity industry, and I usually try to avoid too much of the hyperbole. But there is one statistic that should be of note. The automotive aftermarket industry is deeply embedded in a very sophisticated supply chain. Those relationships are essential to success in this business. But unfortunately, the threat to your supply chain is a real and growing problem.

The Gartner Group is the leading researcher for IT trends, and they said, “by 2018, 50 percent of organizations in supply chain relationships will use the effectiveness of their counterpart’s security policy to assess risks in continuing relationships, up from 5 percent in 2015.” Let me get into this a bit. They are talking about existing supply chain relationships, so if your company is not properly addressing its own cybersecurity, it could potentially be a threat to the supply chain partners you already have, not to mention an obstacle to getting new partners. Also notice they did not say counterpart’s cybersecurity; they said cybersecurity policy, because this is the part of cybersecurity that is the most deficient.

There are between 30 and 100 computers in the average automobile today, and many readers work with many of these components. That number is going to grow. The modern automobile is an engineering and computing marvel. But don’t forget about your internal cybersecurity posture. It behooves everybody in the industry to understand the implications of working within your existing cybersecurity infrastructure and to bring it up to date and keep it updated moving forward. It can be done quickly.

If you do not have the help inside your company, then seek outside assistance. I have seen what can happen to a company after a breach occurs, and it can be devastating. I will leave you with one final thought I have used many times when dealing with corporate management: “There is no problem facing corporate America that is more serious, more widespread and more fixable than cybersecurity.”
