The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has also made them one of the most common attack vectors. According to Gartner, APIs account for 90% of the web application attack surface area, and similar trends are emerging in the smart mobility space. A recent Automotive and Smart Mobility Cybersecurity Report by Upstream Security indicates that the automotive and smart mobility ecosystem saw a 380% increase in API-based incidents in 2022 compared to 2021. Additionally, APIs accounted for 12% of total cyber incidents in 2022, up from only 2% in 2021. When examining smart mobility applications and services, Upstream’s threat intelligence team reported that black-hat actors were found to be behind 53% of incidents, indicating malicious intent as the driving force of the majority of API-related attacks. The impact of these incidents goes well beyond data and PII breaches, often causing service disruptions, fraudulent activities, trust concerns and potential revenue loss.
Data-driven mobility services reshape traditional automotive revenue models, and offer continuous monitoring, helping stakeholders introduce new features and opportunities. According to research by McKinsey, 30% of automotive revenue will be attributed to data-driven and smart mobility services by 2030. However, APIs have the potential to cause massive traffic jams when maliciously manipulated, and traditional API security solutions often fail to detect sophisticated attacks that impact mobility applications, assets, and consumers due to the lack of contextual analysis of the impact of API transactions on moving vehicles.
In order to ensure a strong cybersecurity posture in the smart mobility ecosystem, a new approach to securing smart mobility API transactions is needed. This includes four key steps: mapping the potential attack surface, continuously monitoring API traffic, applying contextual anomaly detection, and mitigating and responding to cyber threats. Additionally, it is important to layer API discovery, profiling and monitoring with deep analysis of the behavior of mobility assets and the impact of the specific API transaction on safety.
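As an added illustration (not taken from the report or from any vendor's product), the sketch below layers a per-client profiling check with a vehicle-context check, so the same API call is accepted for a parked vehicle and flagged for a moving one. The command names, thresholds, client IDs, VINs and telemetry records are all constructed assumptions.

```python
from dataclasses import dataclass

# All names, thresholds and records below are constructed for illustration.
SAFETY_COMMANDS = {"engine_stop", "door_unlock"}  # hypothetical command names
MOVING_KPH = 5.0          # above this the vehicle is treated as moving
MAX_VINS_PER_CLIENT = 3   # distinct vehicles one client may touch per window

@dataclass(frozen=True)
class ApiCall:
    ts: int               # seconds since an arbitrary epoch
    client_id: str
    vin: str
    command: str

def speed_at(samples, ts, max_age=30):
    """Latest speed reported at or before ts, or None if stale or missing."""
    prior = [(t, kph) for t, kph in samples if 0 <= ts - t <= max_age]
    return max(prior)[1] if prior else None

def detect(calls, telemetry, window=60):
    """Return (call, reason) alerts; telemetry maps vin -> [(ts, speed_kph)]."""
    alerts, recent = [], {}
    for call in sorted(calls, key=lambda c: c.ts):
        # Context layer: judge the call against the vehicle's state at that time.
        if call.command in SAFETY_COMMANDS:
            speed = speed_at(telemetry.get(call.vin, []), call.ts)
            if speed is None:
                alerts.append((call, "safety_command_without_telemetry"))
            elif speed > MOVING_KPH:
                alerts.append((call, "safety_command_while_moving"))
        # Profiling layer: one client reaching many vehicles in a short window.
        seen = [(t, v) for t, v in recent.get(call.client_id, []) if call.ts - t < window]
        seen.append((call.ts, call.vin))
        recent[call.client_id] = seen
        if len({v for _, v in seen}) > MAX_VINS_PER_CLIENT:
            alerts.append((call, "client_fanout_across_vehicles"))
    return alerts

TELEMETRY = {"VIN-A": [(100, 0.0), (160, 72.0)]}
CALLS = [
    ApiCall(105, "app-1", "VIN-A", "door_unlock"),   # parked: no alert
    ApiCall(170, "app-1", "VIN-A", "engine_stop"),   # moving at 72 km/h
    ApiCall(180, "app-2", "VIN-B", "engine_stop"),   # no telemetry for VIN-B
] + [ApiCall(200 + i, "svc-9", f"VIN-{i}", "get_location") for i in range(4)]

if __name__ == "__main__":
    for call, reason in detect(CALLS, TELEMETRY):
        print(call.ts, call.client_id, call.vin, call.command, reason)
```

A safety-relevant command with no fresh telemetry is alerted rather than silently allowed, since the check cannot establish that the vehicle is stationary.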
In conclusion, the emergence of smart mobility services has led to a sharp increase in the use of APIs in the automotive industry, making them one of the most common attack vectors. Traditional API security solutions are not enough, and a new approach is needed to secure smart mobility API transactions. This includes mapping the potential attack surface, continuously monitoring API traffic, applying contextual anomaly detection, and mitigating and responding to cyber threats.
Key Points:
– The emergence of smart mobility services has led to a sharp increase in the use of APIs in the automotive industry, making them one of the most common attack vectors.
– According to research by McKinsey, 30% of automotive revenue will be attributed to data-driven and smart mobility services by 2030.
– Traditional API security solutions are not enough, and a new approach is needed to secure smart mobility API transactions.
– This includes mapping the potential attack surface, continuously monitoring API traffic, applying contextual anomaly detection, and mitigating and responding to cyber threats.