Protecting Your Dealership from Cyberattacks in 2019

The majority of IT professionals at dealerships across the country agree that it’s not a matter of if, but when your dealership will fall prey to targeted attacks involving malware, ransomware, data exfiltration, or phishing. According to the CDK Global 2018 Dealership Cybersecurity Study, an alarming 85 percent of IT-related employees told us their dealership was the victim of a cybersecurity incident in the last two years, while 67 percent of respondents felt confident in their cybersecurity measures before the incident.

Are auto dealers really doing enough to protect their business?

While 70 percent of respondents said they invest in cybersecurity protection to safeguard from potential loss of money, property or data from a cyberattack, only 37 percent of survey takers listed “having a defined process in place to quickly identify a security breach.” This can be attributed to a variety of reasons, including:

Dealers need to assume they are being targeted by advanced attackers and must take a proactive approach to security. They should look toward innovative technologies to support them and their teams — especially as the average dealer network performs hundreds to thousands of tasks, resulting in a high risk for potential attacks. As dealerships purchase multiple point solutions to solve for IT operations and security challenges, their IT infrastructures become vulnerable to threats. The day-to-day responsibility of cyber threat defense and protecting dealer networks 24/7 is no easy task and auto dealers can’t do it alone.

A strategy for business resilience starts with ensuring real-time visibility into where threats exist across the network, most crucially at the endpoints. If a dealer can’t pinpoint current vulnerabilities or the origin of a threat, how can they expect to defend against these threats? According to the 2018 Dealership Cybersecurity Study, when posed with the statement, “I am confident that the security measures we currently have in place will protect our dealership from future cyberattacks and the loss of sensitive data,” over 60 percent of IT-related employees agreed, while less than 20 percent disagreed or strongly disagreed. Despite overconfidence and reliance on point cybersecurity solutions, safeguarding customer information requires a team of experts available 24/7/365 with deep security knowledge and expertise.

When conducting research for the 2018 Dealership Cybersecurity Study, we asked IT leaders what technical cybersecurity protections they have in place. The top 10 responses:

What to expect in 2019

In the 2018 Dealership Cybersecurity Study, we sent a survey to over 6,000 dealerships, targeting IT-related professionals with knowledge of the cybersecurity protections being administered at their dealership. With these survey results in mind, we can look at the emergent technology of today to make some predictions about what is in store for cybersecurity in the coming year. We asked IT leaders what cybersecurity incidents they had been the victim of during the last two years.

These top five responses highlight some of the possible threats to expect in 2019:

 Software virus that damages or disables computers

 Email phishing scams, resulting in financial or information loss

 Human error by a well-intentioned employee

 Ransomware incident

 Electronic fraud or misrepresentation of information for financial gain

Cybersecurity Automation

Auto dealers simply don’t have the resources for 24-hour security monitoring — or the expertise to navigate an ever-changing threat landscape. As dealer enterprise networks become larger, automation and artificial intelligence may start to play a more pivotal role in the day-to-day work order of cybersecurity and monitoring the network for threats. Many security information and event management (SIEM) companies are rolling out cybersecurity management platforms that harness the power of automation.

At CDK, we make cybersecurity a top priority for our customers by providing a complete security solution for dealerships — complete with security event visibility to help meet industry compliance requirements. Our solution includes log management, network monitoring and analysis, and threat remediation. Driven by next-generation SIEM and a highly skilled team of security engineers working around the clock, CDK provides the monitoring and diligence dealerships need for compliance, real security and peace of mind.

Ransomware and Phishing Attacks

Cybercrime is growing more sophisticated each year, and ransomware is proving to be highly successful and extremely profitable. Ransomware, a form of malware, or malicious software, is more complicated than typical malware as it can essentially lock a user out of the entire system. It presents users with an ultimatum: pay a fee to unlock and reclaim personal data, or don’t pay the fee and lose the data indefinitely.

In our survey, 86 percent of respondents said they were generally aware of most cybersecurity threats, including ransomware and phishing. Many dealerships buy and control separate devices — often from multiple vendors — making it harder to deploy strategic and unified cybersecurity network solutions to combat attacks. Ideally, cybersecurity leaders would like to see these endpoints in a comprehensive suite provided by a single vendor.

Cybercrime continues to rise, and so does the demand for security professionals that can remediate these types of threats — a demand the current workforce has just not been able to match.

Cybersecurity Service Providers

Only time will tell us what the cybersecurity world has in store for 2019. One thing is certain: cybersecurity is increasingly becoming a more prevalent – and more complex – factor in the dealership and car-buying environment. However, dealer IT professionals still face many barriers when it comes to implementing the most effective cybersecurity strategies. In an ever-changing world of new technologies and threats, dealer IT professionals are finding it hard to dedicate the resources and time necessary to keep up.

Because of these barriers and unknowns, many dealerships are joining forces with a Managed Security Service Provider (MSSP). These dedicated cybersecurity providers are not only equipped with the latest in threat management technology, they also understand the current environment and work toward staying ahead of emerging cyber threats. By using an MSSP, many dealerships can get help with intelligently investing in the right cybersecurity solution to help protect against — and respond to — cyberattacks in 2019 and beyond.