Cybercriminals are getting more cunning as automotive retailers continue to fall victim to well-disguised cyberattacks. According to CDK Global’s second annual Dealer Cybersecurity Survey, 15% of dealerships experienced a cybersecurity incident in the past year. Of those impacted, 85% of occurrences were due to sophisticated phishing attempts disguised as legitimate emails that resulted in data breaches, IT-related downtime and lost revenue.
“Consumers are continually moving towards a more mobile environment, forcing car dealerships to streamline their online sales and services. Unfortunately, this can lead to the creation of gaps in IT networks for securing data,” said Joe Bell, vice president and general manager of IT Solutions Products and Technologies, CDK Global.
“Updating a dealership’s IT infrastructure, establishing an incident preparedness plan, and identifying qualified individuals to oversee requirements are important steps for automotive retailers to meet the next FTC compliance deadline.”
The FTC’s amended Safeguards Rule outlines compliance measures that include securing customer data and implementing a comprehensive information security program. Having a strong cybersecurity plan in place is essential for dealerships to adhere to the Safeguards Rule, but the study found that only 37% of auto retailers are confident in their current protection, a decrease of 21% in readiness versus CDK Global’s 2021 study. With the rule’s compliance deadline fast approaching, dealerships are taking their cybersecurity measures seriously.
What are auto retailers doing to thwart cyberattacks?
The report found that nearly 60% of dealerships plan to prioritize upgraded investments in IT infrastructure, including:
- Antivirus and antimalware protection increased by 31% compared to 2021, followed by the establishment of secure networks with consistent updates and patches.
- Dealerships plan to update cybersecurity measures to address major cyber threats, such as email phishing, ransomware, lack of employee awareness, business data theft, PC viruses or malware and stolen or weak passwords.
- Additional action plans include securing endpoints, investing in cybersecurity insurance, and ongoing staff training.
Dealerships are preparing for the influx of possible attacks on their infrastructure by hiring cybersecurity experts, both internally and externally, and by educating staff on spotting potential cyber threats.
“With the recent wave of ransomware attacks around the world and the advancement of the security protocols we have in place, cybersecurity remains a huge priority,” said Preston Petersen, Managing Director and Partner of Team Automotive Group at Baton Rouge, Louisiana. “The risk to businesses and our industry is at an all-time high, and we take that risk very seriously.”
Whether dealerships will be FTC compliant by Dec. 9 remains uncertain, as many auto retailers find the Safeguards Rule difficult to understand or complete. The report revealed that only 35% of dealers fully understand the new rule and less than half are well prepared. While 71% were aware of protection mandates, including multi-factor authentication, data encryption, and data and system inventory, several requirements remain unclear, including compliance for mitigation, threat detection, and response.
“Partnering with a managed service provider can help dealers take the guesswork out of FTC compliance, ensuring a safer, more secure, and up-to-date IT infrastructure,” Bell said.
Andrew McClure, director of IT operations for Patrick Dealer Group locations in Illinois, echoed Bell’s recommendation on protecting dealer cybersecurity. “Engage with an information security manager who aligns with FAIR/NIST/CISA standards (analytical models), research best practices and follow instructions on structuring a layered cybersecurity program for your business,” McClure suggested. “Cybersecurity investments will pay dividends in terms of threat/risk reduction.”