Cybersecurity and the Auto Industry
Hyundai works through data breach
by Charles Parker, II
From the published accounts, there seems to be an uptick in attacks against the automakers. This could be focused on their sales platform, data warehouse, R&D, or other areas holding some form of data. Nissan was a recent victim as Hyundai India is.
Recently the automaker published a breach through their defenses. The breach allowed the attacker(s) in and allowed them to find data or other useful (e.g., expensive) data. The attacker’s focus for this successful attack had been sensitive customer information (i.e., names, addresses, email addresses, telephone numbers, vehicle specifics, and other client data points) for Hyundai India customers only. A portion of the data is very useful. Other data (e.g., registration numbers, colors, engine numbers, and mileage) could also be used for fraud or other cases of misuse.
This has been corrected; however, the events do provide guidance for us. Even if the business is large and global, there is still the need for SAST and DAST. There are areas and dependencies the programmers will do their best to account for and state it’s good, but it just takes one or two vulnerable areas in all the code to create an issue and RUE (Resume Updating Event).
About the Author- Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries
Comments