Automotive dealerships are attractive targets for hackers.
A combination of storing lots of sensitive customer data, handling large financial transactions, increased dependence on digital technologies and a perception of immature cybersecurity all combine to create a perception of dealerships as lucrative targets for threat actors.
This article takes a look at some of the top automotive cyber threats dealerships should look out for.
One 2023 report from CDK Global found that 46% of dealerships reported experiencing a cyberattack/incident that resulted in a negative financial/operational impact over the previous 12 months.
Taking a look at some recent cyberattacks on auto dealerships gives insight into the types of cyber incidents your dealership might contend with.
Eagers AutomotiveEagers Automotive is the largest car dealership in Australia.
The initial impact was also extreme, with many dealerships resorting to pen and paper after IT systems went down.
Holdcroft Group In another damaging cyber incident for a dealership, Holdcroft Group in the UK got hit by a severe ransomware attack that compromised sensitive data and destroyed some elements of the company's IT infrastructure.
Automotive cyber threats remain prevalent, and it's important to understand them so dealerships can better protect against them.
Social EngineeringEmail phishing is the number one threat to automotive dealerships, but you can really expand this to encompass all types of social engineering.
The nature of dealership operations, with frequent and varied interactions with customers, suppliers and financial institutions, creates many opportunities for social engineers.
With so many potential outside parties that dealerships work with, it's relatively easy for threat actors to disguise themselves.
Inadequate Cybersecurity Training and AwarenessPart of the reason social engineering attacks pose such a threat is that staff at automotive dealerships often lack effective cybersecurity training.
Ransomware AttacksAs evidenced by the recent attacks on dealerships, ransomware is a huge problem and isn't showing signs of stopping.
Despite fewer companies across all sectors caving into gangs' demands and paying ransoms, these attacks pose such a threat because they target two critical aspects of auto dealerships' operations: data accessibility and data confidentiality.
Attacks on Connected VehiclesDirect cyberattacks on vehicles are a growing threat to dealerships, particularly with the rise of connected vehicles.
Each device represents a potential entry point for cyber attackers into a dealership's network.
The problem is that IoT devices often lack standardization or a security-first design, exposing them to vulnerabilities that savvy hackers use as entry points to dealership networks.
Improving Automotive CybersecurityAside from the standard steps like improving training and awareness programs, segmenting the network, and applying software updates on time, dealerships can also strengthen cybersecurity with outsourced security services customized for the automotive industry.
At Nuspire, our service offerings for auto dealerships include incident readiness to help put incident response plans into practice and limit the damage from attacks, advanced threat hunting, and managed detection and response.
This Cyber News was published on securityboulevard.com. Publication date: Thu, 22 Feb 2024 19:43:05 +0000