Cyber Attacks on Auto Dealers on the Rise


Cyber Attacks on Auto Dealers on the Rise

By Greg Tavarez

Cyber criminals always have some new trick up their sleeves and find themselves new targets, just when things seem to become stagnant – and companies are lulled into a sense of false confidence.  It doesn’t help that their customers are more mobile-centric than ever, causing dealers to have to streamline sales and service to accommodate them.

It’s created some security gaps and, as a result, 15% of dealers experienced a cybersecurity incident in the past year, according to CDK Global’s State of Cybersecurity in the Dealership. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue.

The consistent cyberthreats have auto retailers concerned about securing their networks. On top of that worry, they have to prepare for the upcoming Federal Trade Commission Safeguards Rule implementation set for Dec. 9. The amended FTC Safeguards Rule outlines compliance measures that include securing customer data and implementing a comprehensive information security program.

A good cybersecurity plan is needed to meet the Safeguards Rule. However, the study found that only 37% of auto retailers are confident in their current protection. Even worse, this represents a 21% decrease in preparedness compared to CDK Global’s 2021 study.

“Updating a dealership’s IT infrastructure, establishing an incident readiness plan and identifying qualified individuals to oversee the requirements are important steps for auto retailers in meeting the upcoming FTC compliance deadline,” said Joe Bell, vice president and general manager of IT solutions product and technology, CDK Global.

Many dealers understand they need to take steps and  60% plan to prioritize upgraded investments in IT infrastructure. Investments need to include increasing anti-virus and malware protection and updating cybersecurity measures to counter email phishing and ransomware. Dealers should also plan to secure endpoint devices, invest in cybersecurity insurance and continue staff training to raise employee awareness.

With the Dec. 9 deadline looming, dealers are not fully up to speed on some terms and requirements, such as threat detection and response, for example. Maybe dealers should look into managed service providers to ensure their networks are secure while meeting the Safeguards Rule.

“Partnering with a managed service provider can assist dealerships in eliminating the guesswork for FTC compliance, ensuring a safer, more secure and up-to-date IT infrastructure,” said Bell.

Dealerships started to take cybersecurity more seriously, although it did take an FTC deadline and cybersecurity incidents to get there. They will soon learn that investment into cybersecurity will pay dividends in threat reductions – at the 60% who say they are prioritizing security.  The other 40%, though – and their customers – could be in for tough times.

Edited by Erik Linask

MSPToday Editor

Related Articles

Cyberattack Protection, Detection, and Recovery with SaaS

By: Greg Tavarez    11/23/2022

DataHawk from Cohesity is a data security SaaS solution that helps customers protect, detect and recover from cyberattacks and ransomware attacks.

Read More

Cloud Marketplace Innovator Pax8 Ranks 131 on the Deloitte Technology Fast 500

By: Juhi Fadia    11/23/2022

Pax8 has been named in the Deloitte Technology Fast 500 among the fastest-growing technology, media, telecommunications, life sciences, fintech, and e…

Read More

Arizona Department of Homeland Security Picks Tanium for Cybersecurity

By: Stefania Viscusi    11/22/2022

With a new, state-of-the-art cybersecurity solution from Tanium, AZDOHS is able to better share key information in real time, creating a stronger secu…

Read More

IT Teams Fall Short in Microsoft 365 Security Protections

By: Greg Tavarez    11/21/2022

A surprising number of enterprises have major gaps in the Microsoft security policies and practices, leading to unnecessary risks.

Read More

Phishing Attacks Sprout from Unexpected Places

By: Greg Tavarez    11/21/2022

Users more frequently click on phishing links that arrive through other channels, including personal websites and blogs, social media, and search engi…

Read More