As cyber-attacks grow increasingly sophisticated year after year, a company’s ability to protect its customer and financial data continues to be a serious focal point in every industry. Although organizations like financial institutions have seen steady increases in cyber-attacks each year, cyber criminals are starting to turn their attention towards car dealerships. With the amount of customer data stored on a dealership’s DMS (Dealer Management System), and the highly sensitive nature of that data, hackers have found that the automotive industry is an extremely appealing target. Further, due to the fast-paced sales environment at most dealerships, cyber criminals view these targets as low-hanging fruit with a high payoff potential.
According to Automotive News, “successful cyber data breaches and hacking happen every few weeks at dealerships.” And this statement is very true. Cyber criminals are trying to find the quickest way to gather as much data as possible with the least time investment. Car dealership systems house every piece of data that a cyber criminal is looking for:
- Social Security Number
- Credit Scores
A dealership’s system can contain this information for hundreds of customers, making it a very lucrative target.
Automotive News continued to say, “Nearly 84 percent of consumers wouldn’t buy another vehicle from an auto retailer if their personal data had been compromised…” That is a very damaging statistic in an industry that relies heavily on customer satisfaction and retention.
Although a strong IT system and infrastructure are a great start, the number one defense against a cyber-attack is staff preparation. Most organizations are quick to invest in firewalls and antivirus software but look at proactive measures as an added expense with minimal upside, which is far from the truth. One of the top cyber-attacks utilized throughout the world is phishing. According to KnowBe4, 91% of data breaches start with a spear phishing attack. Furthermore, IBM’s 2019 Cost of Data Breach report shows that it costs a company roughly $150 for each record that is compromised. For even a small dealership, that could turn into millions of dollars in damages.
Dealerships everywhere are trying to find the best options to protect their data and the data of their customers. Focusing on three major areas can drastically decrease the chances of a dealership becoming another data breach headline on the news:
- The first step in increasing cybersecurity is performing a risk-based assessment every 12 months. This is essential in finding potential issues within the policies and procedures of the organization. Having an expert work through an assessment of the policies and procedures to ensure everything is within the acceptable risk appetite level can drastically reduce the risk of a data breach. Although this can be completed internally, it is highly recommended to have a third-party consulting expert assist with this process because they will have no bias toward the results of the assessment.
- One of the most cost-effective ways to reduce risk is investing in the staff. With phishing being the leading cause of data breaches, the staff should be considered your biggest vulnerability. With a very small investment, that liability can be turned into one of your company’s greatest strengths. Through social engineering simulations and ongoing cybersecurity training, the staff can quickly develop new habits that will assist in identifying, reporting, and containing potential phishing attacks.
- After remediating the findings in the risk-based assessment and increasing staff awareness, the final step is performing penetration testing and a vulnerability assessment. These will assist in finding potential gaps within the IT infrastructure that are difficult to locate any other way. These need to be performed every 12-18 months and should always be performed by a third-party expert. Although this is an expensive process, it is far less expensive than the cost of losing 84% of the customer base as a result of a data breach.
The complexity and frequency of cyber-attacks on the auto industry are only going to continue to grow each year, and the longer you wait to put in place the necessary tools and practices to combat those threats, the further behind you will be. We all wish there was some magic product we could install that would make these worries go away, but the fact is that cyber crime is an environment that is going to constantly change. The only way to stay ahead of it is with an ongoing program that continues to assess the current state of the dealership’s cybersecurity, and then uses that information along with the steps mentioned above to adapt the dealership’s policies, procedures, and infrastructure to the cyber threats that exist.