Outdated Software is an Open Door for Cybercriminals

Everyone has experienced the scenario where you get in front of your workstation and are ready to work, only to get a dreaded message like, “Applying Windows Updates, Do Not Turn Off Your Workstation.” Then you’ll get an even more annoying progress update like, “Installing Update 8 of 32.” It’s not just Windows, every application you use requires regular updates.

After you shake your mouse in frustration a few times, you realize you have no choice but to sit back and let your computer do what it needs to do.

Why does this even happen? Your computer is new, and it was running just fine when you were working on it yesterday.

The answer most of the time, is cybersecurity. These updates, or patches as they are also commonly referred to, close loopholes that cybercriminals are exploiting to gain access to sensitive data or install ransomware for a huge, quick payday.

If you find updates frustrating, annoying and time consuming, imagine the frustration and annoyance of an actual cyber attack and the lost business and revenue that is sure to follow.

Retail automotive dealerships are a prime target for cybercriminals. They collect and store much of the same information banks do and should be protected with the same measures that banks are. If your business systems don’t have a plan in place to manage software patching, you are essentially inviting cybercrime.

According to a 2016 study by Voke Media, 80 percent of reviewed companies that experienced a data breach could have prevented it with a basic patch or update. A different study, conducted by Edgescan in 2018, showed that more than 20 percent of all high-risk vulnerabilities on enterprise networks are directly caused by unpatched software.

Clearly cybercriminals have grown more sophisticated even in the relatively short amount of time since these studies were published, so it is more important than ever to do everything you can to stay ahead of their threats.

Windows 7 is a glaring example that businesses are not giving security patching the attention it deserves. Microsoft ended support and patching of this version of their operating system in January 2020. This means any device still running it is extremely vulnerable to cyberattack. Despite this being heavily publicized by the software giant and a hot topic all over the internet in the leadup to support ending, 22 percent of devices connected to the internet were still running on Windows 7 as recently as April 2021, according to a study by Kaspersky.

Security experts compare putting a computer running Windows 7 on the internet to guarding Fort Knox with a screen door. Cybercriminals seek out these devices and exploit unpatched weaknesses to gain easy access to whatever they are looking for.

If you knew there were a rash of car break-ins in your neighborhood, and that the thieves were just walking down the street checking for vehicles that were unlocked, you would check and double-check that your doors were secured, right? So why would you not pay the same attention to this known threat?

Patching and updating software has benefits beyond security as well.

The first is productivity. Outdated software causes delays in completing tasks within the program, or perhaps how it communicates with another system. If the delays are on an internal system this causes frustration amongst your team. If these issues are in a customer-facing application, or involve the customer in any way, then lost time will ultimately lead to lost sales.

The second is compliance. As cybercriminals become increasingly sophisticated and systems become even more interconnected, your partners will be looking at your business practices to ensure you are doing everything to protect not only your data, but their data as well. For example, lenders who do not view you as a “safe” business partner may choose to sever their relationship with you which will limit your customers’ options when it comes to financing a vehicle.

The best way to ensure loopholes are closed on your systems is to implement a patch management system with a dedicated individual or team maintaining responsibility for vetting and installing the latest patches and updates. They can determine the least disruptive time to deploy and will have the added benefit of centralized monitoring to determine if there are any issues.

If you are unable to establish a patch management system internally, it is imperative that you partner with a company who can assist you. The safety and efficiency of your business depends on it. DealerIT was founded to assist already-stressed dealership IT departments with these types of issues and our automotive IT experts are ready to help. Click here to learn more about DealerIT’s full-scale managed services.