In this blog, we explore the ways in which mobility firms have struggled with cybersecurity and how finding and retaining the right talent can help you overcome your cybersecurity challenges.
The growth of connected cars, autonomous cars, the Internet of Things, machine learning and AI has revolutionized the mobility industry in recent years and that’s only set to continue. That creates unprecedentedamounts of data and a whole new range of vulnerabilities in our cars.
Unfortunately, security has not kept up with the hackers.
For every new source of customer data, there’s a bad actor trying to get access. For every vulnerability in the operation of a tech-enabled vehicle, there’s the potential for somebody to interfere with or even steal a vehicle.
As veteran hacker Samy Kamkar put it, “the more features automobiles add, the wider the attack surface is.”
In this blog, we explore the ways in which mobility firms have struggled with cybersecurity and how finding and retaining the right talent can help you overcome your cybersecurity challenges.
Last month, the Mozilla foundation (makers of the Mozilla Firefox browser) released the results of an analysis of 25 different car brands. The results should be a big wake up call for the mobility industry.
Every single one of those 25 cars earned Mozilla’s “Privacy not included” warning label for data privacy. As a comparison, 63% of mental health apps reviewed by the foundation (another category that they say performed especially badly) earned the same label. Cars, they say, are “the worst product category we have ever reviewed for privacy.”
Why did cars perform so badly? Firstly, they collect a lot of data:
1. They collect information about where you drive, how you drive, and other much more personal details about what you do in your car.
2. Most car companies sell customer data with service providers and partners.
3. According to Mozilla, 92% of the companies they surveyed don’t give customers a way to delete or control their data.
That’s a concern for car companies. Tech companies have already faced multi-billion-dollar fines for breaching data privacy rules and mobility companies don’t want to go the same way.
When you collect and hold that much customer data, you’re also vulnerable to a data breach, and there are already examples of cars that don’t have the cybersecurity standards that they should have.
- In 2013, researchers used a cell phone to hackinto the operating system for a Corvette. They switched the windshield wipers onand, more worryingly, managed to cut the brakes.
- In 2015, Chrysler recalled one and a half million vehicles because they realized hackers could get access to brakes and transmission.
- In 2021, Eberspaecher had to halt production after a major ransomware attack that cost it somewhere in the region of $60m.
In other words,the mobility sector is putting pressure on itself from two directions: it’s collecting and processing more data than ever, but at the same time it's struggling to protect itself from hackers and bad actors.
The solution to both problems is to build and hire more cybersecurity expertise. But is it that easy?
The biggest challenge that mobility firms face when hiring cybersecurity talent is competition. Finance, healthcare, manufacturing, and a host of other industries are all competing for the same cybersecurity experts, not to mention the tech industry itself.
Competition within the industry is fierce as well. The industry is moving away from combustion engines and towards EVs, autonomous vehicles,and connected capability. It’s the biggest revolution the industry has seen in a century and firms risk being left behind if they don’t move quickly. Tesla and BYD are already established players and there are big moves coming from Saudi Arabia as well.
That competition drives up salaries. In the US, the average“base salary” for a cybersecurity expert who can test your vulnerability to hackers is $80k plus bonuses. If you’re looking for somebody with significant experience and a proven track record, that number could be as high as $100k.
Mobility firms don’t always have the right culture and opportunities for tech workers either. They want to work at the cutting edge,and they want to innovate. They’re used to the start-up culture, where they can move quickly, adapt, and learn. Automakers, in contrast, are often risk-averse and slow-moving.
If you’re worried, that’s because you should be, but there are a lot of things that established automakers can do to compete.
Salaries are the obvious part. Established companies have an advantage over startups in that they have a wider range of salary options that they can put together, with higher base salaries for the risk averse or bonus options for the target driven. They also have more established pension schemes and, usually, better job security.
Apart from that, you need to look at the roles and career development opportunities you’re offering. Do your tech hires come into an environment where they’re the tech specialist, and that’s the only role you want for them? Or can you put tech skills at the heart of your product design, giving them a chance to work and advance across the company, including into leadership roles?
Does your culture inspire and encourage innovation? Are failures met with discipline and disappointment, or do you embrace failure as a chance to learn and improve? Do you try new ideas or bury them in a years-long process of consideration?
Businesses are already taking action. GM has invested $100m a year in cybersecurity, with a team of 500 men and women in roles including penetration testing, cryptography, data analysis, and even in-house hackers.
But even that won’t be enough. Cars are set to be some of the most data-intense aspects of our lives and that makes them very attractive to hackers. That means it’s time for mobility leaders to take action.
Your talent acquisition strategy has to work in close partnership with your cybersecurity strategy. In such a competitive market, where you need to rethink not only how to find talent but also how to make your employer brand and value proposition attractive to them, the right approach is vital.
It starts with understanding the potential vulnerabilities in your systems and software, and then identifying the skills you need to protect your business, both now and in the future.
Then, you need to understand the market. Who are you competing with? What do the skilled workers you need look for from their employers? What are their salary expectations and their career aspirations? What changes do you need to make to deliver the roles, the skills development, and the business culture that they expect?
In other words, make sure you provide the right environment for them to flourish, learn, and earn. If you protect them and their career, they’ll protect your business and your customers.
