Pen tests are valuable – if you have the appropriate expertise to fully understand the findings and then take action to address the vulnerabilities identified. However, pen tests are an evaluation of your cyber defenses at a specific point in time. Therefore, if a cybercriminal is attacking your dealership today and you have a pen test scheduled in six months, then the pen test is worthless in helping you to identify and stop the attack that is currently in progress.
We should all assume that we will be attacked by the cybercriminal. We should also understand that in most cases the cybercriminal is a well-funded, highly trained, professional criminal. They regularly assess their effectiveness and evolve accordingly to remain productive.
If your priority – from a cyber defense standpoint – is to protect your dealership’s finances, systems, and reputation, then the key to mitigating – or even eliminating – the impact of a cyberattack is early detection and swift remediation. It’s essential that you identify an attack in its infancy and then swiftly stop the attack. A pen test will not do this. A pen test will not help you to detect suspicious behavior within your network, investigate the suspicious behavior, and then stop an attack in progress. However, continuous, around-the-clock monitoring of your network by cybersecurity professionals will. Continuous monitoring is the gold standard of cybersecurity best practice.
The new FTC Safeguards Rule requires that dealerships either implement continuous monitoring OR perform annual pen tests and bi-annual vulnerability assessments. Without question, continuous monitoring is a more effective cyber defense because it provides the ability for early detection and swift remediation of an attack. This is the key to protecting your dealership.
Why then doesn’t everyone opt for continuous monitoring? Well, years ago implementing continuous monitoring was expensive. It requires cybersecurity expertise that isn’t easy to find, 24x7x365 monitoring, and the use of advanced cybersecurity software – but times have changed. Now, continuous monitoring is offered as a service where the cost can be spread across a variety of organizations. Now, continuous monitoring is something every dealership can afford.
If you are serious about protecting your business from a cyberattack, then you should look to implement continuous threat monitoring. This will not only protect you – it will also help you to comply with the new FTC Safeguards Rule. Today, Helion provides continuous threat monitoring to dealerships of all sizes across the country. If you need help, then please let us know.