2 Wired articles :
The articles discuss how one industry is using the new Internet connected services and devices to give more functionality to their customers.
That’s great right?
So what did 2 researchers do 2011? they connected a laptop and controlled the car through the diagnostic connector. The auto industry laughed at them.
2 years later+ the automakers created a Uconnect network which allows an Internet enabled car to be controlled via the Internet.
We are reading this today, as during BlackHat conference in a couple of weeks the security researchers will reveal more details.
So, we already know paying absolutely no attention to Security eventually bites you, but how much money and resources should you spend on Security?
The automakers (multi-national companies) with millions of dollars in various budgets including IT will hire a CISO and/or product security person.
This Offense-Defense paradigm must be new for people not paying attention.
My guess is that the Offense(hackers) are actively finding new methods, and if you do nothing you _will_ get burned. So if you spend 10% of the current IT budget to at least start a review of where you are using ISO27001 and other frameworks. In products and company processes.
I would think 10% is minimum…. to start so you find out where you are.
We can help even in the smallest environments.