Auto Dealerships Need to Hit the Gas on Their Cybersecurity Efforts

Cyberattacks against the automotive industry are becoming more frequent as cybercriminals look to send a clear message: give us what we want, or we will pump the brakes on your business. Here are just a handful of recent examples demonstrating how this industry is under siege:

• Earlier this year, one of the largest automobile dealer groups in Europe fell victim to a ransomware attack. The cybercriminal group known as Hive was believed to have been behind the attack, which brought operations to a screeching halt for days until the systems were finally restored.
• Operations of Kia and Hyundai in the United States suffered extended network outages due to a cyberattack.
• Authenticom, a provider of DMS (dealer management system) integration and real-time automotive marketing data services, was struck by a ransomware attack that inflicted significant damage to their systems, forcing them offline.
• Volvo confirmed that some of the company's R&D property was stolen during a cyber intrusion, admitting that "that there may be an impact on the company's operation."
• Several Florida-based dealerships were paralyzed by ransomware attacks, leaving them unable to sell or service hundreds of cars as there were no functional computers available to write up customer orders.

It is this last example that should strike fear into any dealership, as the lack of functional computers would have crippling effects on the ability to operate, with each day resulting in a catastrophic and long-lasting impact. It is impossible to easily recover from an extended period of time without the ability to write repair orders, run credit checks, process new deals, or access financial statements. In addition, while most DMS systems have the proper security to repel most cyberattacks, what if that system cannot be accessed because all of the dealership's local computers have been corrupted? Or what if the DMS itself is the victim of an attack? The data breach experienced by the DMS DealerBuilt showed that even these systems are susceptible to the sophisticated attacks used by cybercriminals.

For businesses that are inclined to shift the risk of a ransomware attack to cyber insurance, obtaining a policy is rapidly becoming more difficult and expensive for organizations that have not prioritized fortifying their cybersecurity defenses. Automotive News confirms what cybersecurity professionals are seeing across many other industries: insurers are taking “a closer look at how to better assess risk and reduce the frequency of claims. That's driving many of the price increases and new security requirements." For example, multifactor authentication was formerly a recommendation; now it is a prerequisite before a cyber insurance policy can even be obtained.

Given these examples, proactive measures are clearly the best medicine for preventing cyberattacks. Citrin Cooperman offers a wide array of cybersecurity services to help your dealership strengthen its defenses against attacks. Here are some examples of how our professionals can help:

• Cybersecurity Assessments
  • If you don't know what data you have or how well it is being defended, it is difficult to protect your business. Citrin Cooperman can provide your dealership with an affordable cybersecurity assessment to help identify risks that threaten your critical systems and data, recognize and prioritize gaps, and build a roadmap to a safer and more secure environment.
• Security AwarenessTrainingandSpearPhishing Simulations
  • Since the vast number of ransomware attacks originate from spear phishing attacks, it is imperative to train all of your employees so that they can identify and avoid this threat. Citrin Cooperman can provide your business with the training and phishing simulations needed to keep your employees off the hook of spear phishing attacks.
• Vulnerability Management
  • A misconfigured network device or missing security update can open the door for cybercriminals to enter your business, allowing them to deploy ransomware and steal your data. Citrin Cooperman's vulnerability management team can act as a “simulated bad actor" and conduct internal and external penetration testing and vulnerability scans to identify and address any weaknesses in your network before a hacker can take advantage of them.

To avoid a head-on collision with cybercriminals, consider setting up a meeting to discuss how Citrin Cooperman can help protect your business and keep your dealership safe and secure. To learn more, contact Kevin Ricci at kricci@citrincooperman.com or Michael Camacho at mcamacho@citrincooperman.com.