Driverless vehicles and connected cars are creating a buzz in the marketplace, but as the industry races to produce the connected car of the future, it is letting cybersecurity fall to the wayside, according to new research from Synopsys.
In conjunction with SAE International, Synopsys published its report, Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices, which found that 84% of respondents have concerns that cybersecurity practices are not keeping pace with evolving technologies.
Nearly 600 professionals were surveyed as part of the study conducted by Ponemon Institute. Of those who partook in the survey, 30% reported that they do not have an established product cybersecurity program or team.
In addition, 63% said they test for vulnerabilities in less than half of their hardware, software or other technologies.
“Pressure to meet product deadlines, accidental coding errors, lack of education on secure coding practices, and vulnerability testing occurring too late in production are some of the most common factors that render software vulnerabilities,” the report said.
“Our report illustrates the need for more focus on cybersecurity; secure coding training; automated tools to find defects and security vulnerabilities in source code; and software composition analysis tools to identify third-party components that may have been introduced by suppliers.”
A large majority of respondents said they believe that an attacker could exploit a vulnerability, and 52% said they are aware of potential harms that insecure automotive technologies could cause to drivers, yet less than a third (31%) said they are capable of raising concerns that would actually be heard.
One issue that impedes the advancement of cybersecurity for automotive companies is a lack of both resources and skills. “On average, companies have only nine full-time employees in their product cybersecurity management programs. 62% of respondents say their organizations do not have the necessary cybersecurity skills. More than half (51%) say they do not have enough budget and human capital to address cybersecurity risks,” the report stated.