In the current business environment, email remains a vital tool for communication and collaboration. However, its widespread use has led to an increased risk of cyber attacks. Recent research has shown a concerning 55% increase in business email compromise attacks on businesses in 2023.
Of the different industries targeted by cyber criminals, the automotive industry has become a prime focus for email attacks, particularly in the form of business email compromise (BEC) and vendor email compromise (VEC) attacks. These attacks involve cyber criminals impersonating trusted individuals within the industry to deceive their targets into conducting fraudulent transactions or disclosing sensitive information. Their use of social engineering tactics makes them particularly dangerous as they can easily evade traditional security measures.
A recent study from Abnormal Security revealed a significant 70.5% increase in BEC attacks against automotive businesses in just six months. Similarly, VEC attacks saw a noteworthy increase, with 63% of automotive industry customers experiencing at least one VEC attack during the same period. These findings highlight the urgent need for enhanced email security measures within the automotive sector.
The attractiveness of the automotive industry as a target for email attacks can be attributed to the high-value transactions, such as those involving vehicle parts and inventory, making it a lucrative prospect for cyber criminals. The complex supply chain and vendor ecosystems that automotive companies rely on provide ample opportunities for threat actors to impersonate trusted vendors in their attacks.
To protect themselves from these threats, automotive businesses must implement a layered email security strategy. This entails a combination of security awareness training for employees, technology-based detection solutions, and foundational security measures. Employees need to be able to identify the warning signs of email attacks, such as urgent requests for sensitive information and poor spelling and grammar. Regular training sessions and simulated phishing exercises are valuable tools for cultivating a vigilant workforce.
Given the growing sophistication of email attacks, it is crucial to complement training with technology-based detection solutions. Advanced solutions leveraging artificial intelligence and machine learning can identify deviations indicative of suspicious activity within an email environment, even in cases where the emails appear authentic to the human eye.
Foundational security measures such as password management and multi-factor authentication also play a vital role in preventing further attacks in the event of a breach. Moreover, compliance with industry-specific and international regulations, such as the Automotive Industry Action Group (AIAG) cyber security guidelines, is fundamental for protecting sensitive information and maintaining customer trust.
Looking ahead, it is imperative that automotive businesses remain proactive in their approach to email security. By staying informed about the latest threats and investing in robust security measures, organisations can mitigate current risks and prepare to combat emerging threats as the cyber attack landscape continues to evolve.
In conclusion, the ongoing surge in email attacks poses a critical threat to automotive businesses. However, with a strategic combination of employee training, advanced detection technology, and regulatory compliance, organisations can safeguard themselves against these sophisticated cyber threats.
Mick Leach, Field CISO at Abnormal Security