Today the average downtime from a cyberattack is about 3 weeks. It takes so many businesses so long to resume operations after a cyberattack because they focus solely on blocking the attack. The implementation of antivirus software and endpoint detection technology gives naïve businesses a sense of confidence that their business is protected. The problem, however, is that eventually the cybercriminal will penetrate your cyber defenses. Nothing is 100% effective. Mitigating, or even eliminating, potential downtime from a cyberattack requires that businesses appropriately plan for, and act on, the other half of the cybersecurity puzzle: cyber recovery.
Cyber recovery refers to the process of restoring a business’s IT systems and data following a successful cyberattack. This process includes identifying the cause of the attack, mitigating the damage, and quickly restoring normal operations. For dealers, it’s important to have a cyber recovery plan in place because dealerships can’t sell and service cars and trucks without technology. So, a cyberattack that disrupts a dealership’s systems will undoubtedly cause the dealership significant financial losses and damage to its reputation. Think about the impact to your dealership if you can’t sell cars for 3 weeks.
Security breaches happen when security patches aren’t implemented promptly, anti-malware products are misconfigured, weak passwords are used, administrative rights aren’t properly implemented and managed, and when employees fall victim to a phishing attack. Since the cybercriminal is constantly devising and releasing new viruses, the enormous number of novel viruses in use makes it extremely difficult for IT teams to keep pace. If your dealership’s IT team is composed of one person, then your dealership is in an especially precarious position.
Cyber recovery success requires proper preparation and planning. It also requires swift and decisive action when the inevitable occurs. This could be at 2am on Christmas Eve. If your IT environment is taken down, you can’t afford to have key personnel unavailable or running around like headless chickens. Speed at this moment in time is critical to mitigating downtime.
At this point, pause and think about who you have shouldering responsibility for keeping your technology infrastructure up and running. Do you have adequate resources assigned to this mission-critical function? If it’s one person, what happens if you’re attacked when your “IT Guy” is on vacation?
At a high level, when an attack occurs, cyber recovery requires the following:
Assess & Contain Damage
Your IT team must quickly determine how the attack occurred and the toll that it has taken on your dealership. More specifically, identify the systems and data that have been compromised and isolate the affected systems.
This step requires that you have proactively created and tested a reliable backup. If so, then your dealership will restore systems from this backup. You must also change all passwords and make sure that all unpatched systems are taken offline until updated.
It’s critical that everyone in the dealership knows what has happened, how it occurred, and what is being done to fix the issue and prevent it from happening in the future.
Effective cybersecurity requires layers of strategy and tactics beyond just prevention. Having a layer of strategy and tactics that focuses on recovery protects your dealership from the inevitable. With the implementation and management of a cyber recovery plan you can revert digital files and devices to a pre-attack state and mitigate – or completely avoid – any downtime. Don’t be complacent with prevention only. Give yourself peace of mind by appropriately preparing. The cybercriminal will get in.