IMOLA, Italy – Formula 1 racing once revolved around speed, and little else.
There was always drama and politics on the racing circuit — now part of the binge-worthy Netflix series Drive to Survive — but at its heart, Formula 1 teams used to focus purely on engineering feats resulting in the best and quickest cars destined to win race after race.
As technologies evolved throughout the decades, racing car designs followed suit. F1 became a hotbed of innovation, helped along by the millions of dollars poured into research efforts every year. Gone are the clunky, unwieldy motors, replaced with aerodynamic, sleek cars and components designed for eking out performance gains within tenths of a second.
However, safety is no longer purely about cars and drivers. Formula 1 teams and their parent organizations must now also secure themselves against cyberattacks.
It’s easy to forget that sports teams face the same threats as companies in other sectors and industries. Ransomware, blackmail, the theft of intellectual property, the compromise of customer, employee, or investor data, insiders willing to work for competitors — the list of threats and attack vectors is endless.
There’s a fortune at play for points in each race, and these teams are financial powerhouses. Indeed, some are worth upward of a billion dollars, making them lucrative targets for today’s cybercriminals.
While there have been past security incidents, such as alleged espionage, a recent ransomware attack emphasized how threat actors are taking a serious interest in Formula 1.
Ferrari, known for its cars, fashion, and the Scuderia Ferrari F1 team, said in March that its wholly owned Italian subsidiary, Ferrari S.p.A., suffered a data breach in which attackers “were able to access a limited number of systems in its IT environment.”
Names, addresses, email addresses, and telephone numbers were exposed. However, the company doesn’t believe financial data was involved.
A ransom demand was then made to Ferrari.
“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the company said.
A cyberattack is often challenging and painful to experience and recover from. It could have been worse, by the sound of it — but it is essential that the risk of future security incidents is mitigated.
Ferrari S.p.A. will integrate Bitdefender Advanced Threat Intelligence into its security operations center (SOC) and will bolster Ferrari’s existing security team by providing threat data and intelligence to triage suspicious activity and boost incident response.
At a press event announcing the partnership, Luca Pierro, head of cybersecurity at Ferrari, noted that the question is not if an organization is attacked, but rather when — and this includes “not only Ferrari, but other companies with strong brands and important reputations.”
“This is our mantra,” Pierro added. “Be ready to manage an adverse event.”
Ferrari security analysts will be able to access the Bitdefender Operational Intelligence API, a query service for cyberthreats and contextual data such as malware families, known threat actors, and victim profiles. According to Pierro, these facilities will strengthen Ferrari’s security posture and create “a shield for the company.”
While Pierro says that phishing and the human factor are the most frequent, first-stage attack vectors Ferrari faces — with lateral movement a secondary concern — such partnerships reduce the overall attack surface, a critical improvement for dealing with modern-day threats.
“In the past, we dealt with single individuals,” Pierro said. “Now we deal with proper criminal organizations. This is a game changer.”
According to Silvia Gabrielle, chief digital and data officer at Ferrari, it’s a matter of “managing” — rather than solving — cybersecurity challenges. Assets including mathematics, the technical details of cars, customer data, and employee records must all be protected — but there’s little point in protecting the intellectual property crown jewels unless the weakest links have been tackled first.
Dealing with modern threats quickly is becoming as important as the speed of the cars the company is famous for — and just as crucial is keeping pace with the evolution of cyberattacks.
Speaking of the extended partnership, Bitdefender’s chief executive and co-founder Florin Talpes said that the attack landscape must be considered, alongside “listening to the pain and needs” of customers.
“http://www.zdnet.com/”We are secure’ does not exist,” Talpes said. “Technology is evolving continually, [and this] changes what you need to defend.”
Disclaimer: Charlie Osborne traveled to Imola as a guest of Bitdefender.