Dealerships Have Everything Cybercriminals Are Looking For

In 2019, a South Florida dealership group was hit by a ransomware attack that halted operations for three days and resulted in a quantifiable $500,000 loss for the group. That number only speaks to the physical cost of replacing every computer throughout the five-rooftop group along with the lost revenue while systems were down for investigation and remediation of the incident. The lost long-term revenue due to damaged reputation has yet to be calculated but will be substantial and will linger for years.

We know as dealers you are very aware of your competitors and the tools and tricks they are employing to take and gain market share from you. You see their commercials, you hear them on the radio, you probably even shop their website regularly to make sure you are staying one step ahead.

While the dealership across town is trying to chip away at your business, the bigger threat is a silent enemy working in the shadows. This enemy is looking to completely cripple your operations and take away a big score in an instant just as they did to the dealership mentioned above. This silent foe of your business is the cybercriminal, or more accurately, cybercriminals.

24 hours a day, seven days a week, in all corners of the world, there are hackers working diligently to find or create exploits in the cyber defenses of businesses for financial gain. Automotive dealerships are a prime target because of the high volumes of valuable data like personal identifiable information and payment records you collect and store.

Automaker Kia Motors America was recently crippled for days by “an extended system outage” that investigative reporting strongly suggests was a ransomware attack demanding at least $20 million in bitcoin to allow systems to return to normal operation and prevent sensitive customer data from being sold online.

You may think you are doing all you can do to keep your dealership from falling victim to cybercrime, but if an OEM with all their resources and safeguards in place is susceptible, how do you think your dealership stands? A Total Dealer Compliance survey revealed only 30% of dealerships employ IT professionals who have completed security training and certification. The other 70% are just hoping they keep reading about “the other guys” falling victim.

The reality is you are way more vulnerable than you think. The bigger reality is that as long as the majority of dealerships treat IT as a cost to be managed as opposed to a vital component of successful operations you are actually inviting this sort of attack. Cybercriminals will uncover the opportunity and they will not hesitate to strike.

It is vital to have a proven strategy in place to protect your business. Nefarious actors employ every tactic from actual physical entry into your facility to a seemingly harmless email to obtain the information they are after. Over our next several articles we will share our expertise on the various methods cybercriminals utilize to achieve their means and how you can protect yourself against them.

The first thing you have to do is stay vigilant. You and your staff must pay as much, if not more, attention to the enemy silently coming hard to injure your business with one big blow as you do to the competitor down the street trying to take your customers away one oil change at a time.