Dealerships are facing an increasing number of cyberattacks, with devastating incidents targeting companies like Findlay Automotive Group and CDK Global. The rise of these attacks serves as a stark warning to dealers: the threat is real, growing, and must be addressed urgently.

The Growing Dominance of Cybercriminals

Cybercrime has evolved into a $9.5 trillion industry, with cybercriminals gaining the upper hand through sophisticated, well-funded operations. Industries that underinvest in cybersecurity, such as auto dealerships, are prime targets. The recent cyberattack at CDK highlights the severe impact of these attacks. As of June 19, CDK customers experienced a catastrophic outage, disrupting daily operations for many of the dealerships who rely on their services.

CDK’s statement underscores the gravity of the situation: “We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems. We are currently assessing the overall impact and currently have no ETA.”

The Industry’s Vulnerability

Dealerships are particularly vulnerable due to common security deficiencies. Assessments of dealership security often reveal:

• Outdated equipment and software
• Weak password policies
• Overuse of administrative rights
• Lack of experienced cybersecurity professionals

Many dealers exhibit a general disregard for sound security practices, frequently citing cost and the belief that “they won’t come for us” as reasons for their lax security measures. However, the automotive industry is quickly learning that a weak security program can be far more costly in the long run.

Recent High-Profile Attacks

On June 9th, the Findlay Automotive Group, a 35-store chain, suffered a devastating cyberattack. Although details are still emerging, it is clear that the attack severely crippled their computer systems. This incident has already led to a class action lawsuit filed by two consumers in Nevada’s Clark County District Court. The rapid media coverage and immediate legal repercussions serve as a sobering reminder of the potential fallout from a cyberattack.

The Fallout of a Successful Attack

The aftermath of a cyberattack can be extensive, involving regulatory actions, insurance investigations, litigation, and reputational damage. For Findlay, the consequences are already unfolding with legal action and potential FTC involvement on the horizon. Insurance companies are likely to scrutinize whether the affected dealership had adequate safeguards in place, further complicating recovery efforts.

Taking Cybersecurity Seriously

Dealerships must recognize that they are prime targets for cybercriminals – regardless of size. The assumption that “we are small, they aren’t going after us” is dangerously flawed. Cybercriminals have the resources to target businesses of all sizes, making it imperative for every dealer to enhance their cybersecurity measures.

Helion’s Approach to Cybersecurity

At Helion, we understand the delicate balance required to protect against cyber threats while ensuring profitable dealership operations. Our comprehensive cybersecurity strategy includes:

1. Continuous evaluation of client systems and practices by formally trained & experienced cybersecurity professionals using global security standards such as NIST and CIS20.
2. Implementation of best-of-breed security technologies and practices.
3. Leveraging our scale and buying power to provide security products below industry costs.
4. Regular compliance evaluations for new and existing regulatory and insurance requirements.
5. Adoption and recommendation of new technologies and industry practices as the security landscape evolves.

 Wake Up!

Dealers must move beyond filling out shoddy questionnaires and purchasing off-the-shelf, magical solutions that offer little – if any – real protection from the cybercriminal. Instead, a robust, comprehensive approach to cybersecurity is essential.

Helion’s clients benefit from a model built on nearly three decades of experience, industry-leading IT & cybersecurity expertise, and a commitment to maintaining the highest security standards. As the threat landscape continues to evolve, Helion remain dedicated to protecting our clients with the best possible strategies, processes, and technologies.

Dealers must wake up to the reality of today’s cyber threats. Investing in robust cybersecurity measures is not just a protective strategy—it’s essential for the survival and success of every dealership.