August 19, 2021
Outdated Software is an Open Door for Cybercriminals
Everyone has experienced the scenario where you get in front of your workstation and are ready to work, only to get a dreaded message like, “Applying Windows Updates, Do Not Turn Off Your Workstation.” Then you’ll get an even more annoying progress update like, “Installing Update 8 of 32.” It’s not just Windows, every application you use requires regular updates.
After you shake your mouse in frustration a few times, you realize you have no choice but to sit back and let your computer do what it needs to do.
Why does this even happen? Your computer is new, and it was running just fine when you were working on it yesterday.
The answer most of the time, is cybersecurity. These updates, or patches as they are also commonly referred to, close loopholes that cybercriminals are exploiting to gain access to sensitive data or install ransomware for a huge, quick payday.
If you find updates frustrating, annoying and time consuming, imagine the frustration and annoyance of an actual cyber attack and the lost business and revenue that is sure to follow.
Retail automotive dealerships are a prime target for cybercriminals. They collect and store much of the same information banks do and should be protected with the same measures that banks are. If your business systems don’t have a plan in place to manage software patching, you are essentially inviting cybercrime.
According to a 2016 study by Voke Media, 80 percent of reviewed companies that experienced a data breach could have prevented it with a basic patch or update. A different study, conducted by Edgescan in 2018, showed that more than 20 percent of all high-risk vulnerabilities on enterprise networks are directly caused by unpatched software.
Clearly cybercriminals have grown more sophisticated even in the relatively short amount of time since these studies were published, so it is more important than ever to do everything you can to stay ahead of their threats.
Windows 7 is a glaring example that businesses are not giving security patching the attention it deserves. Microsoft ended support and patching of this version of their operating system in January 2020. This means any device still running it is extremely vulnerable to cyberattack. Despite this being heavily publicized by the software giant and a hot topic all over the internet in the leadup to support ending, 22 percent of devices connected to the internet were still running on Windows 7 as recently as April 2021, according to a study by Kaspersky.
Security experts compare putting a computer running Windows 7 on the internet to guarding Fort Knox with a screen door. Cybercriminals seek out these devices and exploit unpatched weaknesses to gain easy access to whatever they are looking for.
If you knew there were a rash of car break-ins in your neighborhood, and that the thieves were just walking down the street checking for vehicles that were unlocked, you would check and double-check that your doors were secured, right? So why would you not pay the same attention to this known threat?
Patching and updating software has benefits beyond security as well.
The first is productivity. Outdated software causes delays in completing tasks within the program, or perhaps how it communicates with another system. If the delays are on an internal system this causes frustration amongst your team. If these issues are in a customer-facing application, or involve the customer in any way, then lost time will ultimately lead to lost sales.
The second is compliance. As cybercriminals become increasingly sophisticated and systems become even more interconnected, your partners will be looking at your business practices to ensure you are doing everything to protect not only your data, but their data as well. For example, lenders who do not view you as a “safe” business partner may choose to sever their relationship with you which will limit your customers’ options when it comes to financing a vehicle.
The best way to ensure loopholes are closed on your systems is to implement a patch management system with a dedicated individual or team maintaining responsibility for vetting and installing the latest patches and updates. They can determine the least disruptive time to deploy and will have the added benefit of centralized monitoring to determine if there are any issues.
If you are unable to establish a patch management system internally, it is imperative that you partner with a company who can assist you. The safety and efficiency of your business depends on it. DealerIT was founded to assist already-stressed dealership IT departments with these types of issues and our automotive IT experts are ready to help. Click here to learn more about DealerIT’s full-scale managed services.
We get it, you want to focus on the business of automotive retail. That can be hard to do when you are hearing about another huge ransomware attack or other cyber incident that is devastating to one or multiple businesses just about every day.
Just over the July 4th weekend a Russian hacking syndicate launched an attack that crippled at least 200 U.S. companies. This number is likely to grow as the attack seems intentionally timed to coincide with a holiday weekend when IT staffing can be thin and maximum damage can be done before businesses and end-users are even aware of what is happening.
Do you know a Dealership that has been impacted by these cyber threats? Are you asking the right questions about how secure you are or what your response plan is for such an attack? How comfortable are you with your cyber security today?
A recent Automotive News article reporting on findings from Black Kite Security states that almost half of 100 automotive manufacturers and more than 17 percent of automotive suppliers are at a high risk for ransomware attacks. If your manufacturer(s) and suppliers are at high risk, you are too.
As we have stated multiple times, cybersecurity must always be vigilant and current, and cyber safety is the result of multiple tools working in concert to provide maximum defense. Any weakness will be found and exploited by hackers who become increasingly sophisticated with each passing day.
Password security has always been a vital component in this discussion because a password is a control in keeping the bad guys out. In recent years, most systems have started requiring a complex password that is changed regularly. While this can be frustrating for the user, it is absolutely necessary.
It was a single compromised password that led to the Colonial Pipeline ransomware attack that crippled fuel supply to Mid-Atlantic states and sent a panic ripple throughout the entire U.S. economy.
You have probably noticed when interacting with your online banking or even many apps on your phone, that a second piece of identification is required to gain access. Maybe you want to check your balance really quick, but when you log on to the website your bank tells you they have texted a one-time security code to the phone number on file. This is called Two-Factor-Authentication (2FA). It may seem frustrating and detrimental to the convenience we are supposed to enjoy, but it is equally vital because strong passwords are not enough.
Here are some statistics to explain why Two-Factor-Authentication is so important:
- 90% of passwords can be cracked by hackers in less than 6 hours.
- Two-thirds of people use the same password across all their accounts.
- 57% of people who have already fallen prey to a phishing attack still have not changed their passwords.
Despite these known statistics, only 40% of systems use Two-Factor-Authentication, but thankfully awareness is growing.
The protection of sensitive data and systems warrants an extra step to ensure only authorized persons are accessing them.
How does Two-Factor-Authentication work?
As you have experienced, Two-Factor-Authentication requires that you log into a system with a username and password as normal. As part of the login process, you are then asked to provide a second identifier. This second identifier may come from something you own like a hardware token or an app or text message sent to your phone. Another approach to Two-Factor Authentication is a unique identifier like a fingerprint or facial recognition. This is also called a biometric indicator.
Either method greatly decreases the potential for a security breach via login to a system because while one form of authentication may be compromised, it is highly unlikely both would be.
There is a misconception that data stored in the cloud is automatically secured by your provider and additional safeguards are not necessary. This is not accurate. You and your team Is accessing this data from local workstations and a compromised password would be every bit as devastating as it would be if you stored the data on premise.
Do not get lured into a false sense of security by the cloud. That data is more accessible by hackers than if it were stored locally so all security measures, including Two-Factor-Authentication, are necessary.
The current events surrounding ransomware and other cyberattacks emphasize the importance of taking every precaution available to secure the data and systems that run your business. The last thing you want is for your dealership to be the next business in the news unable to service your customers because you cannot access your business tools.
Defense against these types of attacks starts with password security. Partnering with a managed services provider ensures you have the most current, effective tools against cyberattack. Click here to learn more about the many ways DealerIT can help secure your dealership.
June 7, 2021
No Such Thing As Too Safe? Think Again.
No discussion on cybersecurity would be complete without talking about firewalls. Using hardware and software, firewalls provide a first line of defense for your network. Through rules established by your IT team, a firewall is intended to prevent bad or nefarious traffic from entering and prevent users on the inside of your network from accidentally accessing questionable sites on the internet.
A firewall is a valuable weapon in your cyber defenses. The safety it provides is important, but it is possible to instruct a firewall to filter so much content that it actually becomes detrimental to your business by creating frustrating experiences for your team and your customers.
When talking about cybersecurity it is often said that you can never be too safe. That statement is not 100% true.
A dealership group we recently partnered with was having intermittent difficulty connecting to their DMS. We uncovered the root cause to be a firewall rule blocking all internet traffic from foreign countries. In today’s cloud computing world, vendors utilize servers around the globe to provide efficient, cost-effective service. By applying a broad brush in the name of safety, this group crippled their ability to conduct business.
In another instance, one of our clients was so focused on security they would not even allow networked printers in their facility because of a perceived vulnerability. They had printers on carts that had to be wheeled to the location of the individual who needed it. If multiple F&I advisors were working on deals, one customer would have to wait for documents while the other customer’s deal was being completed. This created so much frustration that the dealership was losing buyers at the point where the sale was all but finalized.
Another dealer would not provide wireless internet for customers or staff because of the potential for cyber intrusion. This created bottlenecks for sales team members trying to obtain information for their prospects and a negative customer experience as a basic amenity was not being provided. Rather than relying on a well-designed firewall and following standard protocols, this dealer generated lost sales and negative reviews that certainly prevented potential customers from coming in.
These are all instances where dealerships proved you can be too safe. Overcompensating and being too stringent with firewall protocols can be harmful to the business you are trying to protect.
It would be like deciding you can avoid all car accidents by simply never driving. That is accurate, of course, but it is not feasible. Just as you accept there is some degree of risk when you get on the road, you have to accept that there is always a risk when you put a device on a network and a network online.
In the car you follow established rules and protocols of driving to limit that risk. You keep your vehicle well maintained, you drive the speed limit (most of the time), you follow traffic signs and signals, and stay on the correct side of the road. Even though there are limitations, you still ultimately get where you want to go.
The same applies to your network. There are established rules and protocols that must be followed to mitigate risk. When these are followed, there are naturally limitations, but ultimately your business gets where it needs to go.
One major difference is that while traffic laws are generally well established and unchanging, the rules of cybersecurity are constantly changing as the methods and strategies cybercriminals employ are always evolving.
A managed services provider can help you find the balance between safety and effectively doing business. Our teams stay up to date on the latest threats and ensure your network does too. This way you can provide a productive, frustration-free experience for your customers and your team while still driving your business where it needs to go.
If you have security concerns in your dealership, click here to learn more about our cybersecurity services and schedule a complimentary dealership analysis.
May 3, 2021
From Helpful To Hacked In 30 Seconds
We have established that cybercriminals are creative and will do whatever it takes to get to the information they are after. In most cases, like phishing emails, they cast a wide net and hope to get one or two unsuspecting individuals to take the bait.
Another common, yet less often talked about, tactic employed by cybercriminals is social engineering. Where phishing is random and broad, social engineering is strategic and designed to prey on human nature to deceive an individual to provide access to sensitive data.
If you or someone you know has ever received the call that there is a warrant out for your arrest and the only way to confirm it is a mistake is by providing your social security number, that is the type of attack we are referring to.
Social engineering is far more dangerous than phishing because while most phishing attacks are very apparent to the recipient, cyber criminals employing social engineering tactics prey on human nature to manipulate unwitting victims. The refinement of this focused, narrow approach makes it even more frightening.
Think you would never fall victim? Put yourself in this scenario which occurred at our client location.
A customer calls in frantic and distraught at the “stupid” mistake they have made. They were in for service earlier that morning and left in such a hurry they forgot their purse. Now they are over an hour away trying to make a huge client meeting that starts soon.
They have a problem though, and they need your help.
There is a flash drive in their purse that contains their presentation for the meeting. They need you to pull a file off the flash drive and email it to them as soon as possible, or their career-making deal they have been working on for months will be lost.
What would you do?
Most people would naturally want to help, just as our client did. They located the purse, found the flash drive and inserted it into their computer. They opened the flash drive and – just like that – the entire dealership was infected with ransomware, crippling every facet of their operation.
Fortunately, DealerIT was able to mitigate the damage for this client, though the costs in hardware replacement alone were quite substantial for the dealer. The scheduled nightly backups we performed ensured minimal data was lost, and our team had their systems back up and running in a relatively short amount of time considering the breadth of the attack.
This story reiterates three things we have touched on regularly. First, cybercriminals are sophisticated, cunning and charismatic in their approaches and will employ any tactic to get what they want. Second, your people are your first line of defense against cyberattack and it is imperative that they are trained regularly to recognize all threats. A qualified managed services provider is vital in preparing, defending, responding to, and recovering from a cyberattack.
How prepared are you and your team?
You train your staff to provide an excellent customer experience and do whatever they can to address a customer’s needs. How can you train them to do that, but also be cautious and mindful of the threat of a social engineering attack?
Partnering with a dedicated managed services provider with cybersecurity expertise can ease this burden. You can focus on your core business while your IT provider provides regular training along with the latest cybersecurity tools to protect your dealership’s sensitive data and financial information.
Social engineering attacks are effective because people are generally helpful by nature. Sometimes the seemingly right thing to do is actually the worst thing possible. Preparation and heightened awareness are usually the only way to know the difference.
Social engineering is just one of the many ways cybercriminals attack, Click here to learn how DealerIT can help protect you and your dealership from every angle.
Imagine it is payday and your direct deposit didn’t hit your account. Questions start running through your mind. Did I approve my timecard? Was there a bank error? Glitch in the payroll system? There are many perfectly reasonable explanations. You need the money, but it can wait a day or two until this error is resolved.
So you start asking your co-workers, “Was your paycheck in your bank account this morning?”
Everyone says yes.
No panic yet. You will just call your payroll specialist and let them know there was a little mistake, get your money, and everything will be fine.
But the explanation you receive from them stops you in your tracks.
“We re-routed it to the new bank account you asked us to in your email last week.”
You did not send an email. Your account was hacked, probably by a link you clicked on, and now your money is in the hands of a cybercriminal, withdrawn from an untraceable closed account, and gone forever.
This is a very real scenario that took place with the general manager of an actual DealerIT client. And it is way more common than you might think.
Cybercriminals are always working hard for an easy score. They are monitoring your dealership’s activity and looking for ways to take people’s hard-earned money or sensitive data for resale on the dark web. Phishing emails are one of their most common tools.
The paycheck example is relatively small compared to another situation with a different DealerIT client before they had our security training. This dealer was in the process of a buy/sell. The group’s CFO received an email from the selling agent asking to wire the seven-figure amount to a different account than planned, ironically because there was allegedly suspicious activity associated with the original account.
The CFO had everything set to go through and (thankfully) called the selling agent just prior to authorizing the wire transfer to let them know it was going to the new account.
“We didn’t send the email,” the CFO was told. Disaster was narrowly avoided.
There are two key takeaways from these real-life scenarios: One, taking an email at face value, particularly when there is money involved, is a bad practice. Two, though there are hundreds of products designed to stop the sophisticated methods cybercriminals use to attack, people are the first and weakest line of defense.
In both cases, the email address of the sender was spoofed, with one character changed, but since the rest of the email looked legitimate the recipient followed through without noticing. It is imperative for people to be trained to be skeptical of anything that comes through their inbox.
Emails like these would have raised red flags to the trained eye. The email address would have jumped off the page. The implied urgency that made the recipient feel like they needed to act quickly is also a common phishing tactic employed by cybercriminals. Finally, upon closer examination, there were typos and poor language that is typical of these sorts of efforts as they often originate from foreign countries.
A managed services provider should be on the frontlines training your employees to recognize red flags like these to protect your dealership’s cash and valuable information. DealerIT does this and puts other measures in place such as an alert header at the top of every email that originates outside your mail server. This greatly reduces incidents directly related to spoofed emails addresses and phishing in general.
Are you worried about your next paycheck being stolen? Are you concerned about the safety of a wire transfer in this digital world? If you are not doing all you can to ensure your first line of defense – your employees – have the knowledge and resources necessary to keep from falling victim of a cyberattack, you need to act quickly to protect your business.
Click here and ask our team to perform a complimentary security assessment of your dealership. Your next paycheck could be riding on it.
Post a Comment
You must be logged in to post a comment.
Contact Us