4 Ways to Destroy Your Dealership's Cybersecurity
The risk of cyberattacks for auto dealers is higher than ever, and so are the costs--84% of consumers said they would not buy a car from an auto dealership that experienced a data security breach.
Given that they collect, process, and store enormous quantities of customer data, auto dealerships are attractive targets for cybercriminals. Especially since the entirety of the data handling occurs within the auto dealerships’ dealership management systems (DMSs). Dealerships deal with personal data, credit applications, and financing information, to name a few types of the copious amount of sensitive data auto dealerships handle.
However, many large industries deal with vast amounts of data, so what makes auto dealers so vulnerable? Well, the fact of the matter is that today’s cybercriminals are technically sophisticated and well equipped. Despite this, most auto dealerships run on outdated technology maintained by IT personnel that are not professionally trained to defend against cyber threats. This leads us to the first way in which you can destroy your dealership’s cybersecurity, which is not acknowledging there is a treat, to begin with.
Not acknowledging cyberattacks as a treat to your dealershipIf you do not acknowledge the severity of the threat of cyber-attacks on your auto dealership in the first place, you cannot accurately assess your risk and then take preventative measures.
Based on a CDK Global 2018 dealership cybersecurity study, 85% of IT-related employees say their dealership was the target of a cyber-attack within the last two years, despite 67% of respondents being confident in cybersecurity efforts prior to the attack.
Dealerships have been victims of cyber-attacks that can access sensitive information, such as dealership bank account numbers, routing numbers, login credentials and customer credit card numbers, addresses, social security numbers, and credit scores.
Considering that some dealership groups report that up to 20 vendors may have access to their DMSs or other internal systems, it goes to show how quickly things can go south if even just one of their employees becomes compromised.
Not acknowledging there is a threat is the number one biggest way to make your auto dealership a magnet cyber-attacks, because it leads to our next mistake which is not investing in cyber security measures.
Not investing in cyber security measuresIf you do not invest in cyber security measures you will not have the means to identify, detect, protect against, respond to, and recover from cyber-attackson your auto dealership.
Seven of 10 respondents said their dealerships invest in cyber-security measures. But more than 60% acknowledged their dealerships have not conducted a formal risk assessment to identify foreseeable internal and external cybersecurity risks, do not conduct regular tests for security systems and processes or do not have a formal process to respond to security incidents. This brings us to our next point of maintaining your auto dealership’s cyber security efforts.
Not keeping cyber security measures up to dateSimply putting resources towards cyber security measures is not enough, especially when the landscape of cybercrime is constantly changing for auto dealers. Failure to perform up-keep on your cyber security efforts allows you to fall victim to the cyber criminals of our current day who are technically innovative, well equipped, and continuously finding new ways to infiltrate and attack.
Automotive News reports that “On an average day, 153 viruses and 84 malicious spam emails are blocked by technology on a dealerships network.” And those attacks are only growing more sophisticated by the day. Furthermore, social engineering is thought to be the leading tactic used in phishing and cyberattacks on auto dealers, as KnowBe4 estimates that “91% of attacks rely on social engineering.”
Taking a comprehensive approach to preventative measures requires continuous monitoring and in-depth knowledge of current threats and countermeasures. As an auto dealership, you may not hold the most extensive knowledge on cyber security, as it is not your job to do so. But that brings us to the final biggest mistake you can make which is not working with industry professionals who do.
Not working with cyber security professionalsWhile security tools and automations will be critical for monitoring and massive amounts of data that your auto dealership handles, these resources and processes are not as useful if you do not understand the knowledge and intention behind them—or at least have someone who does understand.
A survey from Total Dealer Compliance reports that only 30 percent of dealers employ IT personnel who have completed computer security training or certifications. Not that certifications are everything but finding the right cyber security company to work with is key. A company that approaches security as a process is critical because no company can guarantee that you will never be hacked, but they can be with you through every step of the process. For example, Achillion ensures that you will never face cyber security risks alone again.