Data security and the fleet industry

Due to the relative infancy of cybercrime, security may still be an afterthought or low on businesses’ priority list.

And as technology continues to develop at an exponential rate, so too do the opportunities to exploit vulnerabilities, extract data, extort funds and expose businesses. The more we take advantage of the growing technologies to make our fleets run smoothly, the more vulnerable we become to over-reliance on those very systems should they fail.    

The rise in paperless systems and connected car technology, along with more sophisticated and less easily detectable methods of attack, from phishing to malware, further compounds fleet businesses’ exposure to cyber risk and underlines the need for more robust measures to prevent a breach. 

Technology certainly has its benefits, from convenience to efficiency, and it now plays an integral role in today’s fleet business. But easy access to data can be a double-edged sword. Although data is just a click away for a fleet manager, it can just as easily be at the fingertips of a hacker, without the right defences being in place.    

A hack of a company’s data could lead to service interruptions, customer data breaches, hefty fines and potential legal action. But it is not just the initial monetary fallout that needs to be considered. The reputational damage from a hack could have a lasting effect and put the future of the business in jeopardy. 

More worryingly, a hack can also put the lives of drivers at danger. 

Cyber risks and connected cars

For the fleet industry, one of the pressing concerns when it comes to cybersecurity is the potential threat to driver data and personal safety. 

Whilst in-vehicle connectivity, from infotainment and bluetooth connection to navigation and system controls, is a common expectation of drivers today, it also introduces a variety of vulnerabilities that hackers can exploit. 

With the emergence of autonomous vehicles, hackers have shown that they are not only capable of tapping into private customer data collected by the on-board system, but also remotely access and control vehicle components, such as braking, accelerating and engine stop-start operations.

In 2020, hack researchers tricked Tesla’s Autopilot mode to accelerate to 85mph.

McAfee hackers manipulated a speed limit sign to trick two cars, a 2016 Tesla Model X and Model S in self-driving Autopilot mode, into seeing 85mph instead of 35mph sign. 

It is not the first time Tesla has had such vulnerabilities exposed. 

In what was believed to be the first remote hack of a Tesla vehicle, Chinese white-hat hacker group, the Keen Security Lab at Tencent, managed to remotely hack the Tesla Model S through a malicious Wi-Fi hotspot back in 2016.

For fleets, this a key cybersecurity challenge for the future. Attacks in which hackers overtake control of vehicles threaten the security, privacy and safety of drivers and other road users. Moreover, whole fleets can be impacted.

The good news is that manufacturers are reacting to these threats and vulnerabilities and are investing heavily in cybersecurity measures.

According to analysts at Frost & Sullivan, software spend was set to reach $168.8bn (£133.3bn) by 2025, while investment in car cyber security is expected to grow by almost 25% over the same period.

Managing cyber risks in your fleet

Although responsibility for cyber security of connected cars lays largely with manufacturers, there are steps that fleet managers can take to mitigate cyber risks and strengthen their defences.

Implementing a comprehensive cyber security strategy is an important first step – particularly as data security accelerates up the business agenda. 

A report by the European Union Agency for Cybersecurity recommended that businesses within the automotive industry introduce specific policies (covering security, privacy, asset management and risk and threat management), organisational practices (such as relationships with suppliers, employee training and incident management), and technical practices (such as software security, cloud security, detection and access control). 

From encrypting systems and clouding data, to conducting regular software updates and forming a robust response plan, fleet managers can put measures in place to prevent an attack, as well as plan for almost every eventuality.

Companies can also consider embracing Intrusion Detection and Prevention Solutions, which can provide reliable protection against cyber-attacks on vehicles in the field. 

Raising cyber security awareness amongst employees and carrying out regular staff training is also imperative, as often, the human is the weakest link in the information security chain. 

There may be a reticence to redirect resources to the implementation of a cyber security strategy, but with almost half of businesses (46%) reporting having cyber security breaches or attacks in a 12 month period (Cyber Security Breaches Survey 2020), businesses cannot afford to take the risk.

Vigilance is essential

With the fleet industry’s dependence on technology growing, it is clear that complacency when it comes to the risk of data security is not an option. All fleet businesses are vulnerable to attack, no matter how large or small, and steps should be taken to mitigate the risks.

Cybercriminals are not concerned by size or value and are often non-discriminatory in their pursuit of profit or disruption. 

As tactics become more aggressive and sophisticated, fleet businesses need to be one step ahead of the perpetrators or face the negative implications.

In the end, it could be the key differentiator that gives vigilant fleet businesses the competitive edge.   

To learn more about Fleet Operations services, speak to one of our experts.  EMAIL US advice@fleetoperations.co.uk