So much has changed from just a year ago. COVID-19, as well as a variety of other circumstances, have brought about a shift in the cybersecurity approach dealer’s need to take to protect their data, finances, and reputation. In this blog, we’ll discuss 3 key shifts taking place that are driving dealers to adopting a more modern cybersecurity posture. Additionally, we’ll provide an overview of what it means for dealers to implement a modern dealership’s approach to cybersecurity.
Auto and truck dealers need to evaluate their approach to cybersecurity and the weapons they have on hand to defend their business. Three key shifts are taking place that should accelerate an evolution in dealership IT.
- An Increasing Attack Landscape
COVID-19 serves to demonstrate the adaptive, opportunistic, and nimble nature of the cybercriminal. In 2020, we see the cybercriminal taking advantage of the pandemic – and the new remote work environment it has created – to unleash a wave of new spam, malware, phishing scams, coronavirus-related business email compromise attempts, SMS phishing and credential theft attacks.
Additionally, with millions of people working from home, businesses are forced to protect an exponentially larger attack surface. We now have risks associated with always-on VPNs, more mobile accessibility, and the trend for more people to use personal devices for business purposes.
It’s also important to keep in mind that most cybercriminals don’t get caught – and as it turns out this line of work is quite lucrative. So, it makes sense that such a profession would attract others to get into the game. This means an increasing number of cybercriminals that we all need to worry about. Dealers now have a larger attack landscape than ever before to defend against.
- Privacy Concern & Compliance
Increasingly, consumers demand that their buying experience be personalized to their needs. Consumers expect that those they do business with know them and can cater to their needs. To meet consumer expectations, businesses must collect, use, and store more consumer data.
At the same time, consumers are fed up with businesses who fail to properly secure the information they have entrusted to the business. Consequently, consumers are demanding that legislators do something to drive businesses to take reasonable measures to secure their data. For those in California, you know this very well. California consumers now have the California Consumer Privacy Act (CCPA). This law requires that businesses take “reasonable measures” to secure consumer data. Those who suffer a breach and fail to show that they have taken “reasonable measures” to secure consumer data face legal action – not only from the state but also from individual consumers.
Consumer privacy legislation is spreading across the country and is now in 24 states. There is also talk about a federal consumer privacy act which is said to model CCPA.
- Data Reliance & Distribution
To meet consumer expectations, dealers must increasingly rely on data to personalize the consumer’s interaction with the dealership. In addition, as cloud and mobile computing become more prominent in the business of selling and servicing cars and trucks, data doesn’t just reside within the dealership’s secure perimeter anymore. Data now travels outside of this perimeter and must be protected wherever it exists.
Modern Dealership Cybersecurity
The shifts impacting dealers mentioned above all contribute to the emergence of a new and modern way for dealers to protect their businesses from the cybercriminal. Education, Technology, and People comprise the three essential elements of a modern dealership’s approach to cybersecurity.
91% of cybersecurity breaches begin with a successful phishing attack. This means that an employee clicked a malicious link in an email. The best way to mitigate this risk it to turn your employees into a human firewall. Solutions like KnowBe4 make training employees to spot and avoid a phishing scam easy. This is a great way to decrease your dealership’s “phishability.”
There are some essential technologies that modern dealerships are adopting as the cybersecurity and data compliance landscape shifts. These include SIEM, IAM, and DLP.
- SIEM – Security Information Event Management (SIEM) is a software solution that enables the detection of cyber-attack incidents that would otherwise go unnoticed and it empowers your IT team to quickly take measures to protect your dealership.
- IAM – Identity and Access Management (IAM) is about defining and managing the roles and access privileges of individuals along with the circumstances in which these users are granted or denied those privileges. IAM systems make it possible for administrators to change a user’s role, track user activities, generate reports, and enforce policies.
- DLP – Data Loss Prevention (DLP) solutions ensure that sensitive data isn’t accessed by unauthorized users or that this data isn’t misused.
SIEM, IAM, and DLP can all work in concert. DLP protects sensitive data as it makes its way to endpoint devices. IAM complements DLP by connecting different authentication services together so that when users need access to information, they make a request through a single service. SIEM aggregates, correlates, and assists in analyzing the event logs from a variety of different sources to identify suspicious behavior.
To implement and maintain a modern dealership cybersecurity approach you must have a team of trained, skilled and knowledgeable IT professionals on-hand to configure, manage, and complement the technologies mentioned above. If for instance, your SIEM “sounds the alarm” that your dealership has been breached, you must act quickly. Your IT team can’t hesitate to first think about what they should do. Your IT team must have a well scripted plan in place for how to respond and every member of your IT team needs to know exactly what to do to protect your dealership.
Since only about 30% of dealers employ a network engineer with computer security certifications or training – IT staffing is something dealers need to give more attention. Things are much different today. Dealership IT staff needs to be more than just someone who can periodically reset a router and assist employees who are having difficulty printing. A dealership’s IT team is mission critical for implementing a modern approach to cybersecurity and thriving in the new normal.