In a recent survey undertaken by CDK Global, over 6000 Dealerships were asked what cyber-attacks they had experienced, in an effort to predict those most likely in 2019. In this article, we list the top five likely threats and in each case why or how a Dealership may be affected. We also examine what you could be doing better to protect yourself.
For the Automotive industry, the top five expected cyber-attacks in 2019 are:
- Malware attack
- Email phishing scams
- Human factor
- Ransomware
- Electronic fraud
Malware
Malware (malicious software) is typically a program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, trojan horses, ransomware and spyware.
Dealerships most likely to be affected by a successful Malware attack are those who are running older (unpatched) versions of operating systems or software programs. Patching your critical applications and (at least) your servers is basic housekeeping. The Wannacry exploit that hit the NHS was related to a poor patching policy.
Our tip, if you don’t know as a matter of fact that all of your key systems are up-to-date and patched – then assume you have a significant security risk. A href=”https://www.softwerx.com/cyber-security-solutions/vulnerability-management/”>Vulnerability Scanning solution such as F-Secure Radar can inexpensively scan your entire network infrastructure in seconds and provide the Board with a comprehensive Report, detailing key vulnerabilities.
Email Phishing
Email Phishing scams are still the most common and successful type of cyber breach; not least because of the prevalence of email for communication within modern businesses.
Dealerships most likely to be affected by a successful Email Phishing attack are those who are running ineffective (or non-existent) Secure Email Gateway (SEG) solutions. A good SEG platform (e.g. Mimecast) can control and contain phishing and spam emails before they get near your Inbox.
Our tip, just because you’re using Outlook via Microsoft Office 365 in the Cloud, don’t assume you are safe/protected. Microsoft 365 is regularly attacked and you need to make sure you have the correct security functions and features enabled.
Human Factor
The Human Factor typically relates to a well-meaning but uneducated employee who inadvertently clicks on something, and worse still forwards it on to colleagues. The Human Factor can also relate to an employee with a grievance, who has a motive – and a capability – to access and disrupt systems.
You can educate your employees quickly, effectively and inexpensively using a modern SAT (Security Awareness Training) package such as Knowbe4. Article 32 of the GDPR (General Data Protection Regulation) stipulates that appropriate organisational measures should be taken to ensure an appropriate level of security. There is no excuse for not educating your employees.
Protecting your business from employees who may consider themselves aggrieved (who may still be employed, or have left the business) is mostly down to secure operating policies and procedures – though some technology (Microsoft MDM/MAM) can help.
Our tip, educating your workforce is perhaps the most effective and least expensive thing that you can and should do to protect your business from a cyber-attack. Make sure your key budget stakeholders within the business follow the basic principle – if you’re not sure, pick the phone up to check.
Ransomware
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. It can be extremely effective – and in many cases, devasting for a business.
Dealerships can protect themselves from Ransomware attacks by ensuring their overall cyber posture is robust. The starting point is attaining a government-backed Cyber Essentials accreditation.
Our tip, don’t become complacent because you know (think) you have everything backed-up and you could recover any locked data easily. Firstly, and in reality, the panic-induced collateral damage associated with a ransomware attack (physically ripping cables out to isolate the attack) can often cause more damage than the ransomware itself; but secondly and most importantly – most Ransomware attacks now also access and lock your backup data as well. Make sure your backup strategy is robust enough to repel a sophisticated ransomware attack.
Electronic Fraud
Electronic Fraud, typically concerned with diverting vehicle purchasing funds between the Dealership and the Consumer, is becoming ever more common and ever more sophisticated. We have advised directly on examples which have seen significant customer funds being transferred to the wrong (fraudulent) bank account.
Our tip, recognise that as a business, you ultimately hold the responsibility for any financial transactions – and that it is your responsibility to ensure secure systems, platforms, policies and portals are in place within your Dealership. Do not send or rely on email as a platform to exchange financial details such as bank account numbers, sort codes etc.
In Summary
Automotive Dealerships are seeing an increasing number of cyber attacks over the past eighteen months. The sector is seen as a fertile and profitable growth area for Hackers, as the sums involved, either directly with Consumers or through the Supply Chain, are generally significant; and access to these systems and funds, through poor security systems (including the consumers), is readily achievable.
Many of these types of attacks are (or can be) interrelated. You may receive a Malware attack through an employee inadvertently clicking on an attachment which then downloads a Malware payload. The best approach to developing and maintaining a robust cyber security posture that fits with the risk profile of your business is to adopt an holistic approach that’s owned and endorsed at Board-level.
A government-backed Cyber Essentials accreditation should be viewed as a mandatory requirement – and a basic starting point.
To find out more about how you can improve your cyber security posture give us a call on 01223 834333.
Back to Blog