Cyber criminals always have some new trick up their sleeves and find themselves new targets, just when things seem to become stagnant – and companies are lulled into a sense of false confidence. It doesn’t help that their customers are more mobile-centric than ever, causing dealers to have to streamline sales and service to accommodate them.
It’s created some security gaps and, as a result, 15% of dealers experienced a cybersecurity incident in the past year, according to CDK Global’s State of Cybersecurity in the Dealership. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue.
The consistent cyberthreats have auto retailers concerned about securing their networks. On top of that worry, they have to prepare for the upcoming Federal Trade Commission Safeguards Rule implementation set for Dec. 9. The amended FTC Safeguards Rule outlines compliance measures that include securing customer data and implementing a comprehensive information security program.
A good cybersecurity plan is needed to meet the Safeguards Rule. However, the study found that only 37% of auto retailers are confident in their current protection. Even worse, this represents a 21% decrease in preparedness compared to CDK Global’s 2021 study.
“Updating a dealership’s IT infrastructure, establishing an incident readiness plan and identifying qualified individuals to oversee the requirements are important steps for auto retailers in meeting the upcoming FTC compliance deadline,” said Joe Bell, vice president and general manager of IT solutions product and technology, CDK Global.
Many dealers understand they need to take steps and 60% plan to prioritize upgraded investments in IT infrastructure. Investments need to include increasing anti-virus and malware protection and updating cybersecurity measures to counter email phishing and ransomware. Dealers should also plan to secure endpoint devices, invest in cybersecurity insurance and continue staff training to raise employee awareness.
With the Dec. 9 deadline looming, dealers are not fully up to speed on some terms and requirements, such as threat detection and response, for example. Maybe dealers should look into managed service providers to ensure their networks are secure while meeting the Safeguards Rule.
“Partnering with a managed service provider can assist dealerships in eliminating the guesswork for FTC compliance, ensuring a safer, more secure and up-to-date IT infrastructure,” said Bell.
Dealerships started to take cybersecurity more seriously, although it did take an FTC deadline and cybersecurity incidents to get there. They will soon learn that investment into cybersecurity will pay dividends in threat reductions – at the 60% who say they are prioritizing security. The other 40%, though – and their customers – could be in for tough times.
Edited by Erik Linask