Report highlights cyber risks to the aviation industry
It's fair to say that no industry is truly safe from cyber attacks these days, but the aviation sector is at particular risk due to the volume of customer data it handles and the potential to cause widespread disruption.
A new report from SecurityScorecard focuses on cybersecurity vulnerabilities across the airline industry and its various supply chains.
This comes at a time when regulatory bodies worldwide are ramping up cybersecurity requirements for the aviation sector. The US Transportation Security Administration introduced new mandates in March 2023, and the EU's Implementing Regulation 2023/203 will take effect in 2026, setting a new standard for aviation information security risk management.
The report finds that overall the aviation sector scores a 'B' for security -- B-rated companies are 2.9 times more likely to be victims of data breaches than those with an A rating. Aviation-specific software and IT vendors score the lowest, with a mean score of 83, posing substantial third-party risks for their airline customers.
Although only seven percent of companies in the sample publicly reported breaches in the past year, 17 percent had evidence of at least one compromised machine in the past year. In addition, airlines had four percent more breaches than the industry benchmark due to vulnerabilities in lower-scoring vendors raising their third-party risks.
Given trends elsewhere, it's not entirely surprising that ransomware is the dominant theme in public reporting of attacks on this industry. Ransomware operators actively targeting aviation have included BlackCat, LockBit, BianLian, and Dunghill Leak.
Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard, says, "The aviation industry operates on a complex web of partnerships, but a company's security is only as strong as its weakest link. Our research shows airlines are flying blind on third-party risks. It's time for the industry to take control and prioritize robust security measures across their entire ecosystem before turbulence turns into a disaster."
You can get the full report on the SecurityScorecard site.
Image credit: Iryna Rasko / Shutterstock