Top 2 Cybersecurity Threats for Auto Dealers in 2020 - AutoSuccessOnline

Main Navigation

Advertisement
Social Connect
Resources
Our Brand Family
AutoSuccess Online
The No. 1 Sales-Improvement Source for the Automotive Professional
Blog

Top 2 Cybersecurity Threats for Auto Dealers in 2020

Dealerships are vulnerable to cyberattacks because they store personal and sensitive information for thousands of customers.

Erik Nachbahr, CISSP
By Erik Nachbahr, CISSP
Erik is the president and founder of Helion Technologies.
Published:

Cybercrime is the fastest growing type of crime in the U.S., according to the FBI. Nearly half of all cyberattacks target small- to medium-sized businesses. It’s not a matter of if, but when your dealership will fall victim to a sophisticated cyberattack.

Related Articles

Although many types of cybercrimes are perpetrated against U.S. businesses, auto dealerships are most vulnerable to social engineering attacks and ransomware.

Social Engineering

This type of attack involves manipulating people to perform an action that benefits the cybercriminal. Phishing, spear phishing, business email compromise (BEC) and CEO fraud fall into this category.

The goal of these attacks is to get money. Hackers will spoof emails that impersonate dealership principals or other senior executives, asking someone in accounting to transfer funds for what appears to be a legitimate purpose.

Other examples of social engineering attacks include spoofed emails from employees requesting a change to their direct deposit account, or an email from a senior executive asking for PDFs of all employees’ W-2 forms. Another common type is an email from a colleague asking someone in accounts payable to pay an invoice that is attached to the email. Both the invoice and company are fake, but the cybercriminals will cash your check.

If an employee clicks on a link or downloads a file from a phishing email, hackers can also gain access to your network. Once there, they may try to steal login credentials for financial accounts so that funds can be transferred out, or they might locate and exfiltrate customer data in order to monetize it.

Tech support fraud is another type of social engineering scam, where criminals claim to provide customer, security or technical support in an effort to gain access to victims’ devices.  

In the last six years, nearly 70,000 victims in the U.S. have fallen for business email compromise scams, resulting in a dollar loss of over $10 billion. Once the money is transferred, it’s gone forever.

Ransomware

Ransomware is a type of malware that most often infiltrates your network through phishing and spear phishing emails.

Imagine getting an email from one of your suppliers that says, “Invoice attached.” The email addresses you by name and includes a friendly little message from your account rep at a supplier. You trust the sender so you click on the email attachment and the ransomware is downloaded onto your computer.

Alternately an email could take you to an infected website that will download the malware onto your computer. From there it spreads into your dealership’s computer network. The danger in ransomware is that it lies dormant for a period of weeks or months. Back-ups of your data performed during this period of dormancy will also back-up the ransomware.

Once the ransomware goes “live,” your most recent back-ups will also be encrypted, so it’s impossible to restore your files from your most recent back-ups. In order to decrypt your files and have access to them again, the cyber thieves demand a ransom.

At this point you have two choices. Pay the ransom or lose all your files and data. The majority of cyber thieves demand the ransom in bitcoins, a form of electronic currency that’s untraceable.

Recently there’s been a rise in a type of ransomware attack where the hackers threaten to leak customer data if they are not paid by their deadline. Auto dealerships are particularly vulnerable to this type of attack because they store personal and sensitive information for thousands of customers. If the hackers leak the data, your dealership is legally liable for the data breach.

Ransoms can range from thousands to tens of thousands of dollars. In a recent ransomware attack on an auto dealership in Florida, the hackers demanded $600,000.

Ransomware attacks are on the rise, with annual damages predicted to reach $20 billion in 2021, a 74% increase over $11.5 billion in 2019. In 2019, a business fell victim to a ransomware attack every 14 seconds.

Most small- and mid-sized businesses end up paying ransoms because they can’t afford the downtime and lack of access to critical data. In addition to the ransom paid, small businesses lose an average $100,000 per ransomware incident due to downtime and recovery costs, according to CNN Business.

Prepare Your Dealership

The most effective way to prevent social engineering and ransomware attacks is to enroll your employees in a security awareness training program. These programs send simulated phishing attacks to your employees. If an employee clicks on the link, they are immediately enrolled into an online training program. Over the course of a year, continued security awareness training has been proven to reduce the risk of phishing attacks from 27% to 2%. That’s potentially a huge return for a relatively low cost.

Other tips to prevent cyberattacks include:

  • Have a written information security plan (WISP)
  • Require verbal verification before any funds are wired or transferred
  • Keep data backups for a minimum of 90 days
  • Modernize your IT infrastructure
  • Implement IT best practices for cybersecurity
  • Don’t allow employees to use personal devices at work, including cell phones
  • Purchase cyber liability or data breach insurance

Unfortunately, cybercrime isn’t going away any time soon. The best offense is defense, so be sure your dealership is prepared.

You May Also Like

Digital marketing agency
Paving the Way for Self-Discipline
How Auto Retailers Are Leveraging Advanced Connected Vehicle Data for Optimized Lot Management Solutions
Blog

Back to the Future: Hybrids Offer Alternative to Electric Vehicles

A collaborative effort could not only revitalize consumer interest in hybrids but also position auto dealers as advocates for a greener future.

David McShane
By David McShane
David McShane is the vice president, head of sales and marketing at the Advertising Checking Bureau. David is responsible for leading all new sales, account management, and marketing initiatives and is a senior member of ACB’s Executive Committee.
Published:
Hybrids Offer Alternative to Electric Vehicles

Co-op advertising can reacquaint consumers with eco-friendly option.

Electric vehicles (EVs) have dominated headlines over the past several years, telling consumers the future is EVs, with all other alternatives a thing of the past. And for a time, the headlines rang true, as EV sales gradually rose. Automotive manufacturers also touted the rise of EVs, with many making lofty projections of skyward sales and lessening reliance on traditional internal combustion vehicles.

Read Full Article

More Blog Posts
5 Ways Data Has Changed the Work Truck Industry

Embracing the power of data can be the difference between success and struggle for dealerships.

By Kathryn Schifferle
Happiness for Free

Many people today are lacking a sense of purpose and direction. Learn how you can use these powerful keys to unlock a more fulfilling life.

By Christian Jorn
article based on Remora webinar Money for Nothing, Happiness for Free
Getting to Our Ultimate ‘Why?’

Understanding our core reasons will drive our efforts to success.

By Chris Saraceno
sail boat - freedom
How AI is Enhancing Vehicle Inspections for Car Buying, Selling and Transportation

AI offers three distinct advantages for vehicle inspections that can significantly increase efficiency and bolster confidence for the industry.

By AutoSuccess Contributor
AI vehicle inspection, artificial intelligence

Other Posts

Cybersecurity for Dealerships

Now is the time to take a proactive approach to protecting your dealership’s and customer’s most sensitive information by adopting a comprehensive approach to your cybersecurity.

By Emily Furio
Cybersecurity for Dealerships
Elevating the FTC Safeguards: Embracing a Defense in Depth Approach

In a serious cyberattack, a single security control may not be able to mitigate all the damage, but multiple controls working in unison can.

By Nick Reed
Elevating the FTC Safeguards: Embracing a Defense in Depth Approach
Latest Toyota Data Breach: Evidence of an Industry Under Attack

Hackers have identified the auto industry as ripe for the picking. Attackers often share information regarding potential targets and methods.

By Robbie Harriman
Latest Toyota Data Breach: Evidence of an Industry Under Attack
Navigating Tomorrow’s Roads: 5 Trends Shaping the Future of Commercial Automotive in 2024

Dealerships who offer dedicated commercial service bays or who provide mobile service offerings enhance their value.

By Kathryn Schifferle
Work Truck Solutions blog - ebike delivery in city