World Aviation Festival 2024: Seven crucial factors in aviation cybersecurity
This year’s edition of the World Aviation Festival takes off today. Aviation sector business leaders, innovators, and regulators converge here and collaborate on various opportunities and threats, including the aviation sector’s cybersecurity issues.
The festival's focus on driving digital transformation in aviation positions it as an ideal venue to explore advanced technologies like AI-driven threat detection, real-time monitoring, and automated penetration testing—all vital for mitigating risks in today's complex cybersecurity landscape. With ransomware attacks now the most common cybersecurity threat, affecting supply chains and airline operations alike, the festival is an ideal time to take stock of these increasingly frequent incidents.
These include the rise in ransomware and DDoS attacks, which have caused significant operational disruptions, as well as vulnerabilities in third-party risk management, a frequent source of data breaches. Here are the seven factors that aviation stakeholders need to note in order to improve their cyber resilience and fortify their defenses.
Ransomware is the largest threat to aviation cybersecurity
Ransomware attacks are indeed the most prevalent threat in the aviation sector. In 2023, ransomware incidents surged, with attacks on aviation-related supply chains increasing by as much as 600% compared to previous years, according to various estimates. Ransomware groups like LockBit and BlackCat have been particularly active in targeting aviation, including airlines and supply chain vendors. Globally, around 2.5 ransomware attacks per week were reported on aviation-related organizations, according to EUROCONTROL data. The second most common incidents are Distributed Denial-of-Service (DDoS) attacks, followed by data breaches stemming from supply chain vulnerabilities.
There are common attack vectors to watch out for
The primary attack vector in the aviation sector in 2023 was ransomware targeting airlines and their supply chains. This was followed by DDoS attacks, which disrupted airport services and online booking systems, as well as supply chain breaches. For instance, the MOVEit supply chain attack impacted several major aviation companies, including British Airways and Aer Lingus. This shows that attacks on third-party vendors are a growing concern.
Time to detect and remediate keeps fluctuating
The median time to detect and respond to cyberattacks in the aviation industry has fluctuated wildly since 2020. As of 2023, the detection and remediation time remains highly variable. While some incidents such as certain ransomware attacks were detected quickly, others like the British Airways breach in 2018 went undetected for over two months. On average, it takes more than 90 days to detect a significant breach, a timeframe that hasn't improved much since 2020. The reasons include outdated legacy systems, the complexity of aviation networks, and third-party risk.
The aviation sector runs on thin profit margins
The aviation industry operates on notoriously thin profit margins, often between 3% and 5%, due to high operating costs such as fuel, labor, and maintenance. This leaves little financial room to absorb the costs of cyberattacks, which can be catastrophic. Issues, from criminal activities such as ransomware or DDoS attacks to large-scale technical glitches such as the Microsoft-CrowdStrike crash, can ground flights, leading to substantial revenue losses.
Financial damage from cyber-attacks is crippling
With such thin profit margins, the financial damage caused by cyberattacks in aviation is severe, ranging from operational and goodwill losses to hefty penalties. The Gulf Air DDoS attack in 2023 led to operational downtime and customer dissatisfaction, affecting the airline's reputation and revenue. In 2022, the MOVEit supply chain attacks compromised sensitive data and caused financial losses for several airlines, while the British Airways breach in 2018 resulted in a record fine of £183.4 million by the ICO, highlighting the severe economic and legal consequences of inadequate cybersecurity.
Compliance gaps in third-party risk management are crucial
Many aviation organizations continue to face compliance gaps in third-party risk management. For instance, the MOVEit supply chain attack in 2023 exposed vulnerabilities in aviation-related IT vendors, showing how poorly managed third-party risks can lead to breaches. This was also highlighted in breaches involving major airlines like American Airlines and Southwest Airlines, where vendor vulnerabilities were exploited to steal sensitive data.
User behavior is a significant breach factor
The aviation sector has a broad internet-facing attack surface with a large number of user-access points. As such, weak user credentials and insider threats have been significant factors in several breaches. For example, in 2020, EasyJet admitted that nine million customers' data was compromised, partly due to weak user behavior. Another case is the Russia Air Transport Agency breach in 2022, where human error and insufficient insider threat mitigation contributed to the cyberattack.
These instances highlight the critical need for adopting proactive cybersecurity measures across the aviation sector, particularly in areas like automated vulnerability management, third-party risk management, real-time monitoring, and automated compliance management.