Aviation cybersecurity: Room for improvement says SecurityScorecard

Aviation cybersecurity: Room for improvement says SecurityScorecard
TINNews |

Cybersecurity expert company SecurityScorecard has given the commercial aviation industry a “B” grade for the global aviation sector, but danger remains with extended digital supply chains prone to weaknesses. 

But the sector is not uniform in its performance, with airlines scoring higher than some of their service providers like aviation-specific technology vendors. This poses a crucial third-party risk for customers. This isn’t a one-way street, however, with some airlines also posing third-party risks to vendors with lax security. 

“This research yielded three recent examples of breaches at airlines exposing information on their aerospace & aviation vendors,” SecurityScorecard revealed. 

 

“Software and other IT products and services in general enable as much as 75% of third-party breaches across all industries,” the reported noted. 

But along with supply chain and third-party risks, the 2024 landscape report noted that “aggressive nation-state threats” are the other key risk for airlines and the wider aviation sector. 

The analysis took account of 250 businesses from across the sector, including commercial airlines, manufacturers, MRO and service providers, and software and IT providers to the industry. 

Although at least 70% of the companies and organisations measured scored “A” or “B” grades, the overall picture produced by the report is a worrying one, with 23% scoring “C” or below. 4% even scored the lowest grade available, “F”. 

There are clear disparities raised in the report, though. One example given is the wider performance of airlines (regardless of destination or consumer market). The better the overall business performance, the higher the airlines tended to score on their cybersecurity performance. But this did not follow budget lines; so low-cost carriers did not tend to perform any worse than other competitors. 

 

Geography was also cited as a key signifier, with Western European and Australian companies outperforming their Asian counterparts. 

A vulnerability was found in proprietary apps, with 34% of the lower-scoring companies having their grades pushed down by insecure apps. 

“The aviation industry operates on a complex web of partnerships, but a company’s security is only as strong as its weakest link. Our research shows airlines are flying blind on third-party risks. It’s time for the industry to take control and prioritise robust security measures across their entire ecosystem before turbulence turns into a disaster,” said SecurityScorecard’s Ryan Sherstobitoff. 

#END News
source: airport technology
Send Comment