Cybersecurity services for connected cars is expected to grow to over $4 billion by 2026. (Photo by Alex Wong/Getty Images)

ResearchAndMarkets.com on Friday estimated that the global external cloud automotive cybersecurity services market will grow from $1.74 billion in 2021 to $2.12 billion in 2022 at a compound annual growth rate (CAGR) of 21.8% — and by 2026, this market will grow to $4.14 billion with a CAGR of 18.3%.

The main types of security in external cloud automotive cyber security services are endpoint, application, and wireless network security. The different vehicle types include passenger cars and commercial vehicles.

ResearchandMarkets added that the number of connected cars will propel the growth of the external cloud automotive cybersecurity services market in the years ahead. Connected cars are vehicles that can access the internet to connect with other vehicles through an in-built connectivity system. Some of these features have been around for several years, but will grow in use as the auto industry moves more to autonomous and electric vehicles.

On the security protection front, the automotive industry needs to adopt a defense-in-depth strategy when it comes to security, said Ted Miracco, chief executive officer at Approov.

Miracco said many of the recent breaches have had a single point of failure, such as exploiting user credentials or API keys that have allowed anyone to unlock cars. Implementing zero-trust systems that verifies not only the user, but also the device, and the authenticity of the application creates an appropriate layered approach to security that can prevent these kinds of attacks, said Miracco.

“We see a bumpy road ahead for the automotive sector,” said Miracco. “We consistently find secrets (including API Keys) hidden within automotive applications on both iOS and Android. Traditional approaches such as code obfuscation have proven unreliable and we need to deploy additional capabilities to secure these vehicles. As more companies use mobile devices to unlock vehicles, we see an uptick in theft and this will impact consumers, insurance companies, and law enforcement.”

Dan Benjamin, chief executive officer at Dig Security, said when we factor in all the cloud-based infrastructure and services that enable these connected cars to operate, there’s great opportunity for exponential market growth in the coming years. However, Benjamin said there are inherent security risks — physical risks, data risks, and software risks with all these interconnected elements.

“DDoS attacks are the most significant threat,” said Benjamin. “A denial-of-service can shut down all the connected pieces of a car and interfere with the operation of any of the entities it’s connected with the car. Because so many of these entities and assets are connected via the cloud, that adds a layer of protection, but that does not make connected cars immune. Any investment in DDoS protection that auto manufacturers or other stakeholders in the value chain of connected vehicle systems make must be inclusive of cloud, data, and IoT security capabilities.”

Mike Parkin, senior technical engineer at Vulcan Cyber, said from a security perspective, connected vehicles present a range of challenges. Parkin said while many of the applications, streaming music, shopping, finding gas, are quite similar to their mobile app counterparts, they’re running on a platform that’s connected to a couple of tons of moving metal.

“It’s one thing to lose access to your media streams, and something quite different when your car won’t start, or shuts itself down in the middle of a freeway,” said Parkin. “While there are some measures in place to separate the functions, the fact that you can remotely access functions such as remote start and door locks from a cloud-connected app shows what’s possible. The safety and liability issues in this space will require cloud-connected vehicle applications to get ahead of potential threats and stay there. Applications will need to be developed to a higher security standard, and cloud security will need improved monitoring, authentication, and response capabilities.”