The Product Cybersecurity Perspective of a Data Breach

YANIV MAIMON

VP Cyber Services

June 30, 2024

In today’s digital age, cybersecurity readiness and resilience are critical. This is true for all industries but is particularly important in the automotive and smart mobility IoT sector. Organizations must be proactive in their approach to cybersecurity. Training teams through exercises that leverage real-life incident expertise helps ensure readiness and prepares them to handle real-world scenarios.

The rise in cyber-driven data breaches

In recent years, data leaks have become a prominent pressure tactic used by threat actors. The large amount of PII collected by organizations, along with the impact on supply chains, has made mobility and automotive players a prime target. With the growing expansion of SIM-enabled IoT devices, which offer connectivity to these sectors, stakeholders in IoT are now targets as well. The likelihood of a third-party compromise affecting multiple assets is high. An example is the data breach of a major Tier-1 supplier in, which impacted dozens of automotive OEMs.

Ransomware groups are a significant force behind these breaches. Their persistence highlights the need to enhance Product Security Incident Response Team (PSIRT) capabilities and address product-specific aspects of data breaches. In recent years, there have been numerous data breach incidents affecting Tier-1 suppliers, OEMs, IoT vendors and other players in the automotive and mobility ecosystem. Sharing insights, practices, and lessons learned from these experiences can be valuable for other organizations.

Data breaches add unique challenges to product cybersecurity posture

Data breaches are not new, and many law firms and Digital Forensics and Incident Response (DFIR) firms have established methodologies and best practices for handling common aspects of breaches, such as Personally Identifiable Information (PII), commercial data, and communications. However, product-related aspects of data breaches, particularly in the automotive and mobility ecosystem, pose unique challenges and require industry-specific knowledge.

Scale: identifying the breach’s impact and taking mitigation measures in product-centric organizations involves engaging multiple business units and functions, representing a significant portion of the organization.

Focus and prioritization: with recent breaches encompassing terabytes of leaked data, conducting a full deep-dive analysis of all breached data is nearly impossible. Prioritizing efforts and identifying key focus areas are imperative.

Practical DFIR aspects: identifying the right tools and techniques for investigation is crucial. Moreover, determining the appropriate keywords, file types, and analysis methods is essential for effective investigation.

The anatomy of a data breach often includes Controller Area Network (CAN) network captures, schematics, source code, and media files, all of which can contain intellectual property and security-related information posing a risk to the organization.

Triaging product aspects of a data breach

How to prioritize?

  • Immediate action (“DO NOW”): Identify and mitigate any directly compromising artifacts with an externally facing attack surface. These include credentials for remotely available resources, digital certificates, API secret keys, etc.
  • Nearly immediate action (“DO NEXT”): Analyze and address cybersecurity-related product artifacts and findings that could be exploited for product impact. Examples include Software Bill of Materials (SBOM), vulnerability assessment, penetration test results, and backdoor access mechanisms.
  • Medium and long-term action (“DO LATER”): Conduct further analysis of artifacts that may have long-term product cybersecurity implications. This includes a business impact analysis of intellectual property loss, product schematics and diagrams, source code, configuration files, network traffic captures (e.g., CAN), firmware images, etc.
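
The three tiers above can be applied mechanically as a first pass over a leak's file listing. The following is an added example, not part of the original article: the name and content patterns, the `UNTRIAGED` bucket, and the sample listing are all assumptions made for illustration. It also shows why file type alone is not enough: a configuration file would normally wait in "DO LATER", but one that embeds a credential belongs in "DO NOW".

```python
import re

# Tiers follow the article's three buckets; the patterns are illustrative assumptions.
TIERS = ["DO NOW", "DO NEXT", "DO LATER", "UNTRIAGED"]

NAME_RULES = [
    ("DO NOW", re.compile(r"\.(pem|key|pfx|p12|jks)$|(^|/)(\.env|id_rsa)$|api[_-]?key|credential|passw", re.I)),
    ("DO NEXT", re.compile(r"sbom|cyclonedx|spdx|pen[_-]?test|vuln|backdoor", re.I)),
    ("DO LATER", re.compile(r"\.(c|h|cpp|py|bin|hex|s19|asc|blf|pcap|dbc|sch|cfg|ini|ya?ml)$", re.I)),
]
# Content rules promote a file: a config file holding a live secret is a DO NOW item.
CONTENT_RULES = [
    ("DO NOW", re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("DO NOW", re.compile(rb"(?i)(api[_-]?key|password|secret|token)\s*[:=]\s*['\"]?[^\s'\"]{8,}")),
]

def classify(path, head=b""):
    """Return the most urgent tier matched by the file name or its first bytes."""
    hits = [tier for tier, rx in NAME_RULES if rx.search(path)]
    hits += [tier for tier, rx in CONTENT_RULES if rx.search(head)]
    return min(hits, key=TIERS.index, default="UNTRIAGED")

def build_queue(files):
    """files: iterable of (path, head_bytes). Returns {tier: [paths]} in tier order."""
    queue = {tier: [] for tier in TIERS}
    for path, head in files:
        queue[classify(path, head)].append(path)
    return queue

# Constructed sample of a leak listing (not real data).
SAMPLE = [
    ("eng/tcu/fw/tcu_v2.bin", b"\x7fELF"),
    ("eng/tcu/src/modem.c", b"#include <stdio.h>\n"),
    ("eng/tcu/deploy/backend.yaml", b"mqtt:\n  password: 'Xk29fLq0pz'\n"),
    ("it/certs/ota-signing.pem", b"-----BEGIN PRIVATE KEY-----\n"),
    ("security/2023_pentest_report.pdf", b"%PDF-1.7"),
    ("security/tcu-sbom.cyclonedx.json", b"{\"bomFormat\": \"CycloneDX\"}"),
    ("bench/can_trace_0412.blf", b"LOGG"),
    ("hr/offsite_photos.zip", b"PK\x03\x04"),
]

if __name__ == "__main__":
    for tier, paths in build_queue(SAMPLE).items():
        print(f"{tier:9} {len(paths):2}  {paths}")
```

Files that land in `UNTRIAGED` still need a human decision; the rules only order the work queue.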

Improving PSIRT capabilities and readiness

  1. Familiarity with third-party and supply-chain risk management: ensure PSIRT is well-versed in organizational third-party and supply-chain risk management processes and information.
  2. Cyber Threat Intelligence Monitoring: use cyber threat intelligence to monitor the deep and dark web for potential breaches affecting your organization and supply chain.
  3. Tabletop Exercises: conduct dedicated tabletop exercises to simulate a data breach affecting your product. This helps you understand existing capabilities, highlight areas for improvement, and involve relevant stakeholders (e.g., safety, legal, compliance, public relations, investor relations) who would be part of a real incident response.
  4. PSIRT maturity assessment: perform regular PSIRT maturity assessments to ensure your capabilities align with industry best practices.
  5. Regular training sessions: conduct frequent training sessions to improve awareness of evolving cybersecurity threats and risks.

By adopting these practices and continually enhancing PSIRT capabilities, organizations in the automotive and mobility ecosystem, including those utilizing IoT devices with SIM connectivity, can improve their ability to respond to cybersecurity threats and improve their posture and resilience.
