Breaking Down Cybercrime in Automotive - AutoSuccessOnline

Breaking Down Cybercrime in Automotive

Sponsored by Proton Dealership IT

Your dealership is a treasure trove of data. Think about it… names, phone numbers, addresses, work details, salary, and social security numbers for hundreds, if not thousands, of consumers. Financial details about their vehicle purchases. Credit card information from service. The list goes on and on. All of this data makes dealerships a prime target for cyber-attacks. Here are some facts to get you considering the impact of cybercrime in automotive:

  • Ransomware is the most common form of attack in automotive and email is the number one method for gaining access to a dealership’s network.
  • The average ransomware remediation costs are $1,400,000.1
  • Business are down after a ransomware attack for an average of 21 days.2
  • 84% of consumers would not buy another vehicle from a dealership after their data had been compromised.3
  • 30% of dealerships are not up-to-date on their security software.4
  • Only 21% of security professionals think their current security controls are adequate.5

Let’s break these down.

What exactly is ransomware?

Ransomware is a malicious software that gets into the dealership’s network, encrypts and often steals data, and then demands a ransom payment in order to get it back.

Think about each of your departments and the interactions they have that could be a cyber-threat:

Sales people: They are tasked with answering online inquiries daily. They are supposed to be timely so they don’t impede customer satisfaction. So, do you think they stop to consider every email they receive and whether or not it’s a potential threat? Probably not, they simply respond without question.

Business Office personnel: These folks are routinely sending information inside and outside the dealership. These could be reports to management or invoices to outsides vendors. They are also in charge of receiving and making payments.

Fixed Ops: Again, this crew is receiving various inquiries about service appointments, price estimates, parts availability through email. They are busy and don’t have the time, or maybe even the knowledge, to stop and consider whether every request is safe.

All of the interactions above are what make email such an easy target. People expect emails, and they are used to working quickly. So how exactly do hackers do it?

How do hackers penetrate your network?

Hackers have become so sophisticated, they are actually able to get inside your network and monitor what’s going on. They identify a contact whom you email frequently, maybe you receive an invoice or report from one of your managers weekly. After months of monitoring from the inside, they will send you a message disguised as the typical email you get. It might have an attachment that looks like the invoice or report you typically receive, but as soon as you click it, a malicious download begins in the background.

From there, depending on the level of cybersecurity you have, the hackers could completely infiltrate your network and shut you down. So what are the consequences if this does happen?

Real World Consequences to Automotive Cybercrime

As the hackers get in and start moving through your network, they begin looking for valuable data to encrypt and backups to destroy. Their goal is to execute maximum damage. When your employees begin to arrive at work the next day, they have a challenging morning. Many of them aren’t able to log on and some have a weird message on their screens. Your entire dealership is down… you can’t sell or service cars, you can’t close deals, you can’t pay bills or accept payments.

The cost of this event could be days with no operations at all. Lost customers who go to another store for a vehicle purchase or service work. Angry customers whose vehicles are in for service, but they now can’t get them for days. Then once you finally do get back up and running, it’s a slow process, getting computers back online, getting your data off the back-ups that are hopefully current, and making sure everything is accurate.

Once the dust has settled, you can finally start to think about your reputation and the impact this will have on future business. Think of the customers you’ll have to notify, and the friends they’ll share this news with.

You might now be wondering, “How do I ensure this doesn’t happen?”

Protecting Your Dealership From Cybercrime

The right cybersecurity program could be the make-or-break element in an event like this. It all starts with a strong perimeter firewall to protect your network.  Then, if something manages to get through your firewall, the next layer of protection is advanced email security that is able to identify and filter out suspicious emails. Additionally, if something does get through to email, a comprehensive system should alert the monitoring team so they can step in and take action if needed.

Taking it a step further, endpoint detection and response will protect each of the individual computers and mobile devices your team uses every day. To cap it all off, your employees should be trained to look for suspicious email triggers. They are your first line of defense.

Consider your dealership, the legacy that has either been passed down for generations or that you plan to one day pass down yourself. One cyberattack could change all of that. Protect your dealership, protect your legacy, before it’s too late.

1 Sophos, The State of Ransomware 2022
2 Coveware report, Bizjournals.com, Buckle up – automotive dealerships unprepared for cybercrime
3 Total Dealer Compliance
4 Total Dealer Compliance
5 Forrester Research, 2020

You May Also Like

Why Dealers Switch From DOWCs to ARCs

By now, most dealers are familiar with the “dealer-owned warranty company” or “DOWC” concept and, more likely than not, have reviewed a presentation touting the benefits of this structure. Providers promoting this structure often highlight certain benefits that are very enticing and alluring to dealers that are currently in reinsurance. However, providers regularly fail to

By now, most dealers are familiar with the “dealer-owned warranty company” or “DOWC” concept and, more likely than not, have reviewed a presentation touting the benefits of this structure.

Providers promoting this structure often highlight certain benefits that are very enticing and alluring to dealers that are currently in reinsurance. However, providers regularly fail to provide a comprehensive view of the structure, leading many dealers who elect to proceed with a DOWC to second-guess their decision shortly after making the move.

EV Trends from Black Book

Most OEMs have plans for EVs in the pipeline. It is vital to get your service, parts and sales staff trained and prepare your facilities to accommodate this inventory-type change.

Dry Ice Blasting – Save Time & Boost Car Values

Reconditioning cars to prepare them for the used car market is no easy task. The labor hours, harsh chemicals, awkward angles, and use of sharp blades, wire brushes, and rags really add up. What if there was a way to recondition a car – inside and out – in a fraction of the time without

Tracking a Weekly $10K Gain

Keeping track of your high-value, moving assets can be tedious, haphazard — and high risk to your efficiency and competitiveness. It need not be that way.

Safety Recalls: Boost Revenue, Now!

Learn how recall verification and monitoring data science from AutoAp integrated with reconditioning identifies and catches all open recalls and often reports them before OEMs notify their dealers

Other Posts

Latest Toyota Data Breach: Evidence of an Industry Under Attack

Hackers have identified the auto industry as ripe for the picking. Attackers often share information regarding potential targets and methods.

Latest Toyota Data Breach: Evidence of an Industry Under Attack
Executive Spotlight with Robbie Harriman of OCD Tech

Tune in to the video to learn about the prevailing cyber threats facing dealerships today.

OCD Tech's Robbie Harriman sheds light on cybersecurity threats in auto dealerships.
Understanding Business Email Compromise — the $43 Billion Scam

BEC and payment fraud are genuine threats to dealerships today. By following these suggestions, you can significantly reduce your risk.

Dealership Cybersecurity: Why a Proactive Approach Matters

Being proactive about cybersecurity is much cheaper and less painful than suffering the consequences of a breach.