Helion Technologies warns auto dealers that the risk for cyber attacks in 2020 is greater than ever before, due to the growing prevalence of cyber attacks in general and also because dealerships make attractive targets for cybercriminals. By 2021, cybercrime will cost the world $6 trillion annually, resulting in the greatest wealth transfer in history, according to Cybersecurity Ventures.
“Cybercrime is the world’s fastest growing criminal industry because it’s incredibly lucrative for the multi-national crime syndicates who are behind these attacks,” said Erik Nachbahr, CISSP, president and founder of Helion. “In 2020 we’re expecting to see an entirely new threat as cybercriminals deploy artificial intelligence to create mutating malware that’s capable of learning. The scope of this threat is unknown and terrifying.”
Companies in the U.S. are the most targeted in the world, with 76% of small- and medium-sized businesses (fewer than 1,000 employees) reporting a cyberattack this year, according to the Ponemon 2019 State of Cybersecurity for SMBs report. Successful data breaches can be devastating, if not business ending. The average cost of a security breach is $3.62 million, according to Ponemon. The steep price tag includes remediation costs, fines and civil penalties, loss of reputation, loss of revenue, legal fees, forensic investigations and class action lawsuits.
According to the U.S. National Cybersecurity Alliance, 60% of small companies that suffer a cyberattack are out of business within six months.
Auto dealerships make attractive targets for cybercriminals because of the vast amounts of customer data contained in their dealership management systems (DMS), including credit applications, credit scores, bank account information and social security numbers.
Additionally, auto dealers lag other industries when it comes to modernizing their information technology (IT), making them more vulnerable than small businesses in other industries. According to Total Dealer Compliance, only 30% of dealers employ a network engineer with computer security certifications or training, and more than 70% of dealers are not up to date on their anti-virus software.
“The good news is that many dealers realize they need to upgrade infrastructure and software so they can better withstand cyber attacks launched from outside,” said Nachbahr. “The bad news is that increasing security externally forces cybercriminals to ramp up their social engineering attacks, and auto dealerships are particularly vulnerable to this type of threat.”
Social engineering attacks, including phishing related incidents, are responsible for 91% of data breaches, according to Knowbe4. In phishing attacks, cybercriminals spoof emails that impersonate dealership principals and other personnel, asking accounting personnel to transfer funds for what appears to be a legitimate purpose.
Fraudulent emails may also request a change to employees’ direct deposit accounts, or ask for PDFs of employees’ W-2 forms. Phishing emails frequently include attachments such as fake invoices that are infected with viruses or malware.
To protect against social engineering attacks, dealers should enroll auto dealership employees in security awareness training, which teaches employees how to spot and deal with phishing emails.
Behind social engineering attacks, ransomware is the next greatest threat to auto dealerships. Ransomware attacks are rising at an exponential rate and in 2019, a ransomware attack occurred every 14 seconds, according to Cybersecurity Ventures.
Another recommended strategy is to partner with a reliable IT services provider. “It’s no longer appropriate to rely on an IT guy, who may or may not have another job in the dealership, to oversee this critically important function in the dealership,” said Nachbahr. “Maintaining data security compliance is an ongoing process that requires continuous monitoring and in-depth knowledge of current threats and counter measures.”