Before we get into what a SOC (pronounced "sock") is and why every dealer should have one, it’s important to first consider the following findings reported in IBM’s 2020 Cost of a Data Breach Report:
- On average, from the time a breach begins, it takes about 207 days just to detect the breach. It then takes another 73 days to contain the breach. That’s a total of 280 days (9 months).
- The average cost of a breach for companies of all sizes is $3.86 million. For businesses with fewer than 500 employees, the average cost of a breach is $2.64 million.
- The average savings that a business can realize from containing a breach in less than 200 days vs more than 200 days is $1 million.
Add one more tidbit to consider before reading further – the National Security Alliance found that 70% of cyber-attacks target small to mid-sized businesses (fewer than 1000 employees). So, don’t think that cybercrime is something that only large businesses need to worry about.
Now, what’s the point of telling you this? As a dealer that cares about money and your dealership’s reputation, you should want to do everything possible to mitigate your risk of suffering a cybersecurity breach. And, if you do suffer a breach, then you should want to make sure that your dealership is prepared to swiftly contain the breach and limit – or maybe even eliminate – its impact on the business you’ve worked so hard to build. This is where the SOC – or the Security Operations Center – comes in. In a nutshell, having a SOC makes it possible to drastically reduce the time it takes to detect and contain a breach.
Simply put, a SOC is a team of highly trained cybersecurity experts responsible for continuously monitoring an organization’s endpoints (employee PCs) and network for suspicious activity. If a cybersecurity attack is detected, it’s the SOC’s job to respond. The cybersecurity professionals who work in a SOC typically have significant expertise in digital forensics, threat hunting, malware reverse engineering, incident response, and technical surveillance countermeasures. This type of specialized cybersecurity expertise rarely exists in a dealer’s IT department.
The SOC expands the capacity of your dealership to monitor, detect, and respond to cybersecurity threats – quickly. Securing the capabilities of a SOC relieves your dealership of the effort and high costs associated with hiring and retaining in-house cybersecurity expertise. Having an external SOC will save your dealership money while also protecting your data, systems, finances and reputation.
Typically, SOCs have the following responsibilities:
- Continuous Threat Monitoring – The SOC team continuously looks at log files from endpoints, network resources, and email appliances to sniff out suspicious activity that might indicate that a breach is in the works.
- Incident Response & Recovery – The SOC figures out exactly when and how a breach occurred. This information is essential in fortifying the dealership’s security posture, so the same type of attack doesn’t happen in the future. The SOC also coordinates the dealership’s response to an attack in progress, for example by shutting down or isolating compromised endpoints and terminating harmful processes to head off a ransomware attack.
- Ongoing Remediation Activities – Using data-driven analysis, the SOC proactively identifies and addresses security vulnerabilities and adjusts threat monitoring and alerting tools as appropriate. Think of the SOC as a 24/7/365 guard continuously looking to bolster your cybersecurity defenses.
Performing these tasks effectively requires skills, processes, and advanced technology that most dealers don’t currently have in place. Adding these capabilities to your dealership is not a luxury but an absolute necessity as the incidence of cybercrime continues to grow. If you need help or want to learn more about a SOC, please let us know.