Today, companies are more worried than ever about how they can reliably secure their entire organization against cyber-attacks. Their main focus is on ensuring to put holistically secure products on the market, as well as to protect expertise stored in databases and private data of employees, suppliers and customers.
Growing number of cyber gateways
Due to the increasing digitization and more and more Internet of Things (IoT) applications, the number of enterprise vulnerabilities that can be spied on by malicious attackers is growing and will increase the incidents of cyberattacks, including, for instance, the cloud, servers, networks, the wireless Internet, individual computers and laptops as well as mobile devices and their software applications.
However, attack vectors, which means gateways for penetrating into the company's interior, are not only found in 'classic' IT, as companies are also vulnerable due to their IoT infrastructure: be it via networked building technology, unprotected data buses, systems, machines and equipment as well as controls, for example, from production plants.
Through additional networked technologies, which will be used in the future in the context of Industry 4.0 as well as in the connection with Smart Cities, further gateways will arise. Consequently, the risk for companies to become the target of cyber-attacks will increase massively.
Products and services must also be safe
Nowadays, companies are no longer safe when they just protect their typical IT and infrastructure. The example of the automotive industry clearly shows that for years the focus had to be on the holistic safety of the end products (in this case vehicles). Connectivity, the ability to connect to the Internet, significantly expands the overall vehicle system which is inextricably linked to a backend, to content and service partners, and interfaces with charging stations, diagnostic devices, and mobile devices.
In addition, radiocommunication transfers important information from the vehicle to the backend, and this in turn to mobile devices. All these interfaces need to be secured to minimize cyber threats, since all interfaces together form gateways for cyber-attacks that can influence safety-critical functions in the individual vehicle or in entire fleets.
In a second step, the company itself can become the victim of cyber threats. Both networked products and corporate IT or infrastructure can allow attackers to gain access to security-critical data and manipulate it for their own purposes, sometimes causing in the process massive damage to the company and vehicle occupants, as well as other road users.
Cyber Security Management Systems make security tangible
Businesses can make the threat of cyber-attacks on vehicle fleets manageable if they implement a holistic cyber security management system. In this system, similar to a quality management system, all divisions are mapped, coordinated and holistically aligned with cyber security.
Cyber security is becoming a new interdisciplinary system function of the company. Automotive companies are currently working on ways to integrate holistic cyber security long term into their processes and products over the entire lifecycle of a vehicle – thus, making cyber risks manageable.
Magility’s expert team has developed a Cyber Security Management System for the automotive industry that encompasses all supplier relationships along the hardware and software value chain, lives along the entire vehicle product lifecycle, and includes the entire end-to-end overall vehicle system. By implementing the holistic magility cyber security management system control loop, cyber security risks are becoming increasingly manageable both in traditional IT and in terms of vehicle features.
Among other things, Magility is as well a certified reseller of cyber security protection software, such as Blueliv software, a Spanish company with a very high reputation. Blueliv identifies cyber threats and helps to defend against them quickly and comprehensively, serving right now more than 100 customers worldwide, including the Allianz Group, Banco Santander, Telefonica, just to name a few.
By analyzing their cyber platforms, Blueliv can pinpoint which areas of security need to be addressed in-house and analyze what is happening outside the company in cyber security. Internet security, in particular attack security, is thereby holistically supplemented. Companies can license the web-based platform and have all interfaces to the outside in real time. Due to the non-intrusive character, no installation in a company's own IT is necessary, which makes the platform easy to deploy.
By Nada Lea Welker, magility