The auto industry is one of the top 10 targets for ransomware, according to a new study.

The rapid adoption of digital technologies has left the industry vulnerable to harmful digital players, a study from NordLocker, an encrypted cloud company, suggested.

Out of 35 industries, the automotive industry ranked eighth in the number of ransomware attacks detected, making it less vulnerable than technology, IT, logistics and transportation, but more than municipal and legal services.

According to NordLocker, the automotive industry could be attractive to cybercriminals because of the basic processes that make up the inner workings of the industry.

“The auto industry has enthusiastically embraced the digitalization and automation of its internal operations, which has rapidly increased the productivity of the industry while making businesses more vulnerable to cyber attacks,” said Oliver Noble, cybersecurity expert at NordLocker.

He added that automakers were at increased risk of ransomware due to their close partnerships with customers and suppliers, because “access to a company’s data could pave the way for extortion by many.”

While large companies are lucrative targets, smaller ones are just as vulnerable to attack as they are easier targets.

“Small businesses typically don’t have the same cybersecurity controls in place as large businesses, making them an easier target for ransomware attacks,” Noble said. “That being said, large companies remain the prime targets because their deeper pockets and higher stakes make them more likely to pay.”

Here are some tips to keep your business cybersecure:

• Make sure your employees use strong, unique passwords to log into your systems. Better yet, implement multi-factor authentication.
• Secure your email by training your staff to identify the signs of phishing, especially when an email contains attachments and links.
• Implement and enforce periodic data backup and restore processes. An encrypted cloud might be the safest solution for this.
• Adopt zero-trust network access, which means that every request for access to digital resources by a staff member should only be granted after their identity has been properly verified.