Key Strategies to Safeguard Dealerships Against Cyberattacks

Cybersecurity Threats in the Automotive Industry The increasing reliance on digital technology in various industries has elevated concerns about cybersecurity, and the automotive sector is no different. A recent cyberattack on CDK Global, a major provider of automotive software, left numerous dealerships across North America struggling to maintain operations.

Employees had to revert to manual processes like using pen and paper for essential tasks such as managing inventory and completing sales. This attack raises important questions: Was this an isolated event, or part of a larger trend? What lessons should dealerships learn, and how can they shield themselves from cyber threats in the future?

Cybersecurity Risks Facing Dealerships According to Travis Walker, a cybersecurity expert from Norton Rose Fulbright, the frequency and complexity of cyberattacks are growing, especially in industries with heavy technology use, like automotive. Dealerships now depend on interconnected software solutions for everything from inventory management to sales processing, which has significantly increased their vulnerability to cyber threats. Cyberattacks such as ransomware, phishing, and social engineering are just some of the tactics malicious actors use to compromise these systems.

Walker highlights that the risks are not limited to internal threats. Dealerships also interact with various third-party vendors, and a breach at any point in the supply chain can lead to widespread disruptions. This makes it critical for dealerships to implement robust cybersecurity strategies.

Consequences of a Cyberattack A cyberattack can result in several damaging consequences for a business. Operational downtime is often the first impact, with critical systems going offline. Financial losses quickly follow, whether due to business interruptions, missed payments, or penalties from contract violations. Even more concerning is the potential reputational damage; customer trust is eroded when sensitive data is compromised. Legal risks are another factor, as breaches involving personal data can lead to lawsuits and regulatory investigations that may result in hefty fines.

Managing Third-Party Vendor Risk Walker stresses that dealerships must prioritize third-party vendor risk management as part of their cybersecurity strategy. Vendors that connect to a dealership’s network or manage its data can introduce additional security vulnerabilities. Therefore, it’s crucial to ensure that third-party partners only have access to the information they need and that their cybersecurity practices meet acceptable standards. Clear contractual agreements should also be established, obligating vendors to provide vital information in the event of a cyberattack.

Three Essential Cybersecurity Practices for Dealerships To mitigate the risks, Walker advises dealerships to focus on three critical areas:

1. Cyber-Incident Response Plan: Establish a comprehensive plan that outlines specific actions to take in the event of a cyberattack, with assigned roles and regular updates.

2. Employee Training: Ensure staff is trained to recognize and respond to common cybersecurity threats. Many attacks result from human error, so cultivating awareness is key.

3. Backup and Recovery Plan: Regularly back up essential systems and store them securely off-network. This ensures quick recovery in case of an attack, minimizing downtime.

By adopting these strategies, dealerships can better protect themselves from the growing threat of cyberattacks.