84 percent of consumers polled; said they would not buy a car from an auto dealership that experienced a data security breach.
Most dealership IT professionals agree it is not a matter of if, but when the next dealership will fall victim to a cyber-attack involving malware, social engineering, or other malicious cyber schemes. Based on a CDK Global 2018 dealership cybersecurity study, 85% of IT-related employees say their dealership was the target of a cyber-attack within the last two years, despite 67% of respondents being confident in cybersecurity efforts prior to the attack.
Seven of 10 respondents said their dealerships invest in cyber-security measures. But more than 60% acknowledged their dealerships have not conducted a formal risk assessment to identify foreseeable internal and external cybersecurity risks, do not conduct regular tests for security systems and processes or do not have a formal process to respond to security incidents.
Auto dealerships have been victims of cyber-attacks that can access sensitive information, such as dealership bank account numbers, routing numbers, login credentials and customer credit card numbers, addresses, social security numbers, and credit scores. Aside from buying a house, purchasing a car is the next biggest financial investment the consumer participates in.
Here are some recent auto dealer cyber incidents:
- An email-attachment virus was downloaded on a finance and insurance manager’s computer. The virus effectively logged the computer’s internet history and keystrokes (a keylogger attack). The cyber attackers used the information to obtain hundreds of customer credit reports, costing the dealership more than $150,000.00.
- A controller received an email from someone impersonating a dealership employee, requesting a $30,000 wire transfer. After exchanging a few emails, the controller initiated the transfer, sending the cyber attackers $30,000. The dealership was unable to retrack the money transfer.
- An accountant visited what he thought was the dealership’s bank website. The accountant was prompted to enter log in information and account numbers, among other information, which the accountant followed. The cyber attacker used the information to initiate a $400,000 wire transfer. Fortunately, the bank stopped the transfer in time and saved the dealership.
- The UK Dealership – Lookers was breached last year and now are faced with extensive employee layoffs, as their profits drastically fell.
In addition to potential legal actions, a cyber-attack can jeopardize reputations and drive away customers.
Auto Dealership Risk Mitigation suggestions - Below are steps auto dealerships can take to prevent cyber-attacks:
- Conduct periodic security-awareness training for all personnel. Employees are critical to cyber defense. Educating your employees will strengthen their ability to detect and prevent future cyber-attacks.
- Perform a comprehensive Threat Vulnerability Risk Assessments. These type assessments identify, quantifies and documents the probability of various types of potential disruptive cyber threats related to a specific dealership network and location.
- Develop a management cyber playbook to cover reported incidents and how to properly address them. This needs to include procedures for communicating a breach to affected parties (both internal and external).
- Create a prioritized list of risks (based on the threat assessment model) and associate those risks with adequate risk-mitigation controls (e.g., technology, services, or additional procedures). Depending on the dealership’s current security posture, these controls may need to be developed and/or enhanced. Identifying top-level risks now can serve as a catalyst for additional controls or defenses in the future (time and cost permitting).
- Reassess our audit your risk environment periodically through threat assessment. This will put closure on previously identified risks, ensuring that they have been mitigated to an acceptable level, and determine whether new risks have evolved since the prior assessment.
A recent search in RedXray-Plus was conducted, researching a large auto dealership in the Northeast of America. Our results are below:
As this research confirms, auto dealerships are very vulnerable to a variety of cyber-attacks, to include: Breach data; Keylogger data; Malicious emails; Malicious email context; Malicious email Detections; Pastebin Hits; Sinkhole Traffic; and Threat Recon. All this dangerous data collected from the surface and underground Internet; never touching your networks. Firewalls are great, but if they fail to identify new and emerging threat, which out data can provide, the firewall will have a hole in it. A hole malware can enter and attack your network.
Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, or a RedXray-Plus demo, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email firstname.lastname@example.org
 Taken from excerpts by Christopher Arkin is senior director-investigations and compliance at security firm Guidepost Solutions.