Potential Peril in a Single Keystroke: Inner and Outer Cyber Dangers
In the rapidly evolving digital world, auto dealerships are increasingly becoming prime targets for cybercriminals. Continued use of an ex-employee's credentials by a new employee can provide access for the former employee, as highlighted by experts. This underscores the urgent need for dealerships to bolster their cybersecurity measures.
Mark Begley, the chief revenue officer for DealerOps, has pointed out that dealerships have been careless in protecting customer information. He emphasizes the importance of implementing robust cybersecurity measures to secure access to systems and data.
Dealerships should consider implementing multifactor authentication, full-disk encryption on all devices, and enforcing strong password policies with regular updates. Adopting recognized cybersecurity frameworks and certifications such as ISO 27001, Cyber Essentials, and TISAX can help dealerships systematically manage and mitigate cyber risks. Additionally, obtaining cyber insurance can provide financial protection against breach consequences.
Compliance with automotive-specific cybersecurity standards like ISO/SAE 21434 and UNECE R155, which focus on secure identity management and secure software updates, is also crucial. Outsourcing some cybersecurity functions to managed security service providers can ensure expert, continuous threat management.
Modern approaches such as zero-trust architecture, security by design principles, AI-based threat detection, and continuous risk monitoring can further strengthen defenses against increasingly sophisticated attacks targeting connected and software-defined vehicles.
However, inside fraud is a real concern, and can be both malicious and due to negligence. Dealership executive management needs to show its buy-in through regular training to ensure that everyone understands the importance of cybersecurity.
Cybersecurity is not just the responsibility of the IT department. dealerships should strive to create a culture of cybersecurity, where every employee is aware of the risks and knows what to do to mitigate them. Regular, simple training can go a long way in teaching employees how to spot phishing emails, flag suspicious activities, and say no to urgent money requests that may be from impersonators.
Carelessness can lead to breaches, with dealerships still using simple passwords like "parts1", "service123", "finance5", etc. Dealerships should regularly review, change, and discard passwords to improve cybersecurity.
Experts have warned for years that dealerships are a prime target for cybercriminals. During times of economic "chaos", as Erik Nachbahr, founder and president of Helion Technologies, mentioned, cybercrime tends to increase. Dealership employees are often responsible for clicking on phony emails, leading to cybersecurity breaches. Inside jobs are a concern, with employees intentionally or unintentionally introducing computer viruses.
Dealerships should be prepared for potential breaches. Having plans, backups, and means to operate in case of a cybersecurity breach is essential. Renewing a cyber insurance policy after a big claim might be challenging, but it's a necessary investment to keep a dealership's business alive.
In conclusion, strengthening cybersecurity in auto dealerships is crucial to protect customer data, align with industry best practices, and meet regulatory demands. Dealerships should treat cybersecurity as a core part of their business operations, not just an afterthought.
Industry leaders emphasize the importance of integrating cybersecurity into business operations, treating it as a core concern rather than an afterthought. This necessitates businesses adopting robust measures like multifactor authentication, full-disk encryption, and strong password policies in finance, technology, and cybersecurity.
Proper training is essential to create a culture of cybersecurity within dealerships; employees should be aware of the risks and equipped to mitigate them through regular training sessions. Moreover, dealerships should be vigilant against both external and internal threats, as cybercrime tends to surge during times of economic "chaos".
