As today’s vehicles become ‘smarter’, with the help of onboard technology and network platforms, they become more vulnerable to cyberattacks. What can be done to assist this issue?

Leading cybersecurity performance centre, Hack The Box, is a leading gamified cybersecurity upskilling, certification, and talent assessment software platform enabling individuals, businesses, government institutions, and universities to sharpen their offensive and defensive security expertise.

The company assist businesses on how to implement effective incident response plans, identify vulnerabilities, create response protocols and much more.

We spoke to Haris Pylarinos, founder and CEO at Hack The Box, to learn more about how the company can assist the automotive industry and to highlight the threat of cyber-attacks.

Haris Pylarinos

Just Auto (JA): Could you provide some background on the company?

Haris Pylarinos (HP): Hack The Box started in 2017 as a learning environment for cybersecurity professionals and enthusiasts to get hands-on practice to grow their hacking capabilities. 

Today, we bring together the largest global cybersecurity community of more than 2.8 million platform members. We have developed Hack The Box to serve as a Cyber Performance Centre, helping businesses present a united front against cybercrime by aligning cybersecurity and corporate goals.

Our gamified, hands-on resources are ingrained with the latest threats so teams can stay ahead of ever more sophisticated risk. Through this approach, upskilling becomes accessible and engaging, supporting businesses in recruiting, upskilling, retaining, and tracking their cybersecurity team’s success. Hack The Box also supports businesses to navigate processes to promote a healthy security culture overall. It is not about if an attack will occur, it is about when. 

Today, we bring together the largest global cybersecurity community of more than 2.8 million platform members.


What are some of the main cybersecurity issues faced by the automotive industry?

As vehicles are increasingly interconnected, “smarter” and more reliant on external networks they have become more attractive targets for cybercriminals. There has been a substantial rise in the number of publicly reported vulnerabilities over the years, from 24 in 2019 to 378 in 2023. 

The number of potential entry points and weak links that bad actors can leverage have hugely increased, all of which can be sources for accessing personally identifiable information such as location data and driver habits, all the way up to compromising entire digital ecosystems.

And it is not just vehicles themselves that are at risk, the industry as a whole is a lucrative target with ransomware becoming a particularly prominent issue. The recent CDK Global attack affected over 15,000 dealerships that rely on its software to manage scheduling, sales, and orders. 

These rippling threats paralyse the automotive’s interconnected systems, casting a spotlight on vulnerabilities within the automotive supply chain, susceptible to further intrusions. Estimated losses from breaches in the sector have been projected possibly reaching $10.5 trillion annually by 2025. 

This emphasizes the growing scale of expertise cyber-teams must hold to keep operations afloat. In addition, the shortage of skilled cyber professionals across the board could reach 85 million workers by 2030, placing the automotive industry at a disadvantage. 

 
How can Hack The Box assist with these issues?

Hack The Box helps tackle these issues through several key initiatives.

One of the primary ways is through comprehensive upskilling and awareness programs which equip employees, regardless of position, with the knowledge and skills needed to identify and mitigate cybersecurity risks. 

For example, Toyota Motor North America, was searching for a solution to practice new skills hands-on while looking to bridge the knowledge gap between security and cloud. Through our simulations, mimicking real-world threats within the sector, employees were able to develop these practical skills in a controlled environment.

This helped to make sure their team was as up-to-date as possible on the latest techniques and could undertake a readiness assessment to monitor their preparation for any cyber incident.

Additionally, we help businesses develop and implement effective incident response plans, crucial for minimising disruptions and protecting critical systems when a breach occurs. 

Through helping businesses identify vulnerabilities, Hack The Box can support in addressing them, ensuring accountability and that clear roles and responsibilities are established.

By having clear and practiced response protocols, businesses can effectively contain incidents, reducing the risk of widespread impact. This ability to respond swiftly to incidents treads a fine line between containment versus catastrophe. 

This comprehensive approach, from top-level executives to frontline professionals, is an essential part of effective cyber management.


What more do you think needs to be done within the industry to reduce the threat of cyber-attacks?

Businesses need to continuously enhance their cyber-attack “readiness”, deploying strategies that can adapt to new threats as they emerge. This involves a rounded strategy that includes defensive, reactive, and recovery measures to ensure that the entire automotive ecosystem is protected.

By 2025, over half of significant cybersecurity incidents will be due to human error. This can stem from unintentional actions, like improper configuration of security settings, as well as deliberate insider threats.

Businesses need to continuously enhance their cyber-attack “readiness”

This highlights the need to address the human element in cybersecurity. Every employee, regardless of their role, should have a basic understanding of how to identify and respond to common threats such as phishing attacks and ransomware. 

Mental health in the industry should also be addressed as a primary concern for technical leaders. They must prioritise providing their workforce with the support necessary to bring out the best version of themselves, day in and day out. This promotes productivity and creates a sustainable working environment. 

This awareness can significantly reduce the risk of human error, contributing to a cohesive cybersecurity framework. Regular security audits, code reviews, and penetration testing should become standard practice.

 
What do you predict the future to look like for this space?

As we face many new compositions of vehicles coming into play in automotive, they bring with them new creative ways to be attacked, meaning even more strategic ways to defend are needed to balance the tide.

AI is fast becoming the linchpin of a cybercriminal’s toolkit, enabling more sophisticated automated attacks and intrusion techniques like AI-driven malware and deep fake phishing attacks. 

Self-driving cars have a heavy reliance on V2X communication to interact with other vehicles, infrastructure, and even pedestrians. Securing these communications against data tampering will be critical to prevent disruptions and maintain safety for drivers. 

EVs are reliant on power grids and constantly interconnected worldwide, making them vulnerable to data breaches, especially on public Wi-Fi networks that lack strong authentication.
 
To avoid these severe consequences on businesses, cybersecurity must become more of a core component of automotive corporate strategy, rather than being relegated to “just” an IT issue.

As cybercriminals increasingly target automotive supply chains and exploit vulnerabilities in third-party suppliers, manufacturers will need to implement stringent cybersecurity requirements for suppliers, conducting regular audits to ensure supply chain integrity.