When it comes to protecting your dealership from the cybercriminal – Indicators of Compromise (IOC) is the typical approach utilized. IOCs are evidence that a cyber-attack has taken place. IOCs provide valuable information about something that has already occurred. Antivirus solutions leverage known indicators of compromise, such as a virus signature, to guard against a threat. This is valuable – but it’s also a reactive approach to cybersecurity.
In contrast, Indicators of Behavior (IOB) are cyber-behaviors that are monitored to understand the potential of risk. Whenever a document is created, saved, changed, emailed, shared, uploaded, downloaded, or deleted these actions can be analyzed as a series to determine context and intent. IOBs are basically unexpected or unauthorized modifications to the normal mode of operation. IOBs might include things like:
- Installing new applications
- Creating new user accounts
- Sending an attachment to a personal domain
- Running queries and exporting the results
By taking a more proactive approach to cybersecurity and leveraging IOBs, a dealer can now predict when a cyberattack appears possible and then take a set of preemptive actions to prevent or shut down a cyber infiltration before it causes any damage.
The reality is that your dealership will eventually be attacked. How you deal with the attack is going to determine the impact it will have on your finances and your reputation. The ability to detect a potential threat early and to stop it quickly is essential. This requires a more proactive cybersecurity defense.
Consider that the average cost of a breach for an organization with less than 500 employees is $2.64 million. On average, from the time a breach begins until it is contained is 280 days – that’s 9 months. IBM’s 2020 Cost of a Data Breach says that on average a business can save $1 million if the breach is contained in less than 200 days. So, the quicker you can detect and then neutralize a breach the smaller the impact will be to your dealership. This is why – when it comes to cybersecurity – time is of the essence.
Implementing a more proactive approach to cybersecurity requires that you take a look at the technology you are using to protect your dealership. Are you using the latest and most advanced endpoint software? Have you deployed a Security Information Event Management (SIEM) solution? Do you have resources monitoring your IT environment around-the-clock and prepared to take action when suspicious activity is detected?
Remember, the cybercriminal’s job is to break into your business and steal from you. This is their focus. Your job on the other hand, is to sell and service cars and trucks – not to fight the cybercriminal. This puts you at a disadvantage. However, you can level the playing field with a proactive approach, the right technology, and expertise that is ready to act.