More than 60% of cyber incidents in aviation are linked to human error

World Economic Forum task force with participation from BI.ZONE outlines the main cyber risks for the aviation industry today

February 6, 2020

BI.ZONE has become an official member of an international initiative “Building Cyber Resilience in the Aviation Sector” spearheaded by the World Economic Forum. One of the first results of this initiative is an analytical report by the Forum’s working group, containing a definitive list of cyber risks that threaten modern aviation.

Aviation is one of the most important sectors of the global economy and is classified as critical infrastructure in various countries across the world. Players in the industry are actively working to improve their efficiency and the quality of services provided, and are therefore quick to adopt technical innovations. These include artificial intelligence and machine learning technologies, biometrics, and expanding the implementation of Industrial Internet of Things (IIoT) devices. However, this process has a downside—the integration of new technologies makes companies more vulnerable to various cyberthreats.

The main cause of such vulnerability is the human factor. The report states that out of all insurance claims following a cyber incident in aviation, 66% were the result of negligence or malfeasance on the part of employees, and only 18% deemed as external threats. Industry participants themselves confirm that most encountered incidents are not to be written off as technical flaws, but rather human credulity or ignorance. According to surveys conducted among industry players, phishing was the main cause of cyber incidents in aviation in 2019. Also topping the rating are attacks which rely on other methods of social engineering, ransomware incidents, DDoS and attacks on network infrastructure.

The need to take serious measures is already being felt across the aviation industry. A recent study conducted by the Forum revealed that about 96% of board members are convinced that cybersecurity in their organizations is underfunded and that more resources should be allocated to this cause. 87% of CEO’s in large companies believe that the main risk factor in the security of their business is in fact poorly trained staff.

Authors of this report maintain that the key conditions that would ensure a successfully developed and improved cyber resilience in aviation is the integration of cybersecurity principles in all processes within every company, the creation of common standards, as well as the exchange of intelligence on threats, risks and best practices. It is the development of a unified approach to protection against cyberthreats that will become the primary goal of the initiative as it moves into its next phase in 2020.

In the case of aviation, cybersecurity should be given special attention, because here, the toll for overlooking a powerful cyberattack or even a simple human error could translate into the loss of dozens of human lives. We have long been talking about how important collaboration and information exchange are to the integrity of protection against cyberthreats. Many of our projects and initiatives, including Cyber Polygon, the international online exercise which we conduct in tandem with WEF, are aimed at expanding such collaboration. And now, we are pleased to be part of the Forum’s expert group for developing proposals on cybersecurity for the aviation industry, and I hope that the expertise of BI.ZONE in this area will benefit the entire global community

Dmitry Samartsev

CEO of BI.ZONE

It is worth noting that the same is happening in other industries. According to the data from Threat Zone’19—the annual analytical study prepared by BI.ZONE—more than 80% of attacks on customers in the Russian banking sector are committed using social engineering, and 3 out of 10 employees of domestic companies are vulnerable to phishing.