Professional Community for Car Dealers, Marketing, Advertising and Sales Leaders
In August, Timonium, Maryland based Helion Technologies announced that 75 percent of small businesses have experienced at least one security breach within the previous 12 months... This factoid is according to a recent survey conducted by Osterman Research.
The findings were published in a July 2016 report titled IT Security at Small to Mid-Size Businesses (SMBs): 2016 Benchmark Survey. The survey's results were derived from companies surveyed that ranged in size from 100 to 3,000 employees.
"These findings are similar to what we are seeing in auto dealerships, and unfortunately we are seeing the rates of attack continuing to increase," said Erik Nachbahr, President of Helion Technologies. "Every time a hacker successfully breaches a network and profits from the attempt, 10 more hackers get into the game."
Small businesses, (including car dealerships) are defined as having fewer than 500 employees. These are the companies most vulnerable to security attacks because they are less likely to have full-time security experts on staff. Nearly one-third of the survey respondents had two or fewer IT personnel focused solely on security, indicating that smaller companies do not have the expertise necessary to deal with attacks, infections and other problems quickly and efficiently.
"Security doesn't have to be this massive, complicated problem for auto dealers," said Nachbahr. "Prevention is actually pretty inexpensive and easy. What's really costly is when a breach happens. A single incident may result in the loss of hundreds of thousands of dollars. Yet with simple technology precautions as well as employee awareness and training, these incidents can easily be prevented."
The survey also found that for SMBs, overall security-related costs have increased an average of 23 percent in the last 12 months. The increase is likely correlated to the growing number of security threats; for example, in 2015 the number of phishing URLs increased by 55 percent and the total volume of new malware increased by 14 percent.
One of the primary targets in Car Dealerships is Customer Data.
In auto dealerships there is enormous value within all of the customer records kept in dealership management systems and customer relationship management applications. Stolen login credentials, credit card numbers, social security numbers and account numbers can be used for a variety of purposes; including gaining access to corporate financial accounts, selling credit card numbers on the open market or creating new identities for criminals.
Auto dealership employees can minimize the threat posed by phishing, worms, viruses and ransomware by doing the following:
According to Helion Automotive Technologies, the single greatest source of threats to dealership cyber security are the dealership's employees.
Helion also has stated that hackers are specifically targeting car dealerships and focusing on dealership business offices (accounting) and the Finance and Insurance departments.
Helion claims that international crime organizations are using targeted email scams that are designed to trick employees into performing actions that will result in their dealerships becoming vulnerable to an attack.
“The increase in the number of organized attacks in the last year is astounding, and auto dealers need to be on alert,” said Erik Nachbahr, president of Helion. “In addition to the volume of attacks, the level of sophistication and research involved is frightening.”
Hackers who break through firewalls and get access inside dealership networks have the ability to gain access to dealership login credentials, dealership and customer bank accounts and their wire transfer routing numbers. This is on top of all the other private customer information treasure troves in dealership DMS and CRM systems...
Helion provided an example of an actual cyber attack incident at a dealership:
"A virus was downloaded in an email attachment onto the F&I Manager's computer. The virus tracked every website visited and every keystroke. Hackers were able to use the information to login into credit bureau sites and extract credit reports for more than 200 customers before they were caught. This incident ultimately cost the dealer more than $150,000."
According to Helion, security software and firewalls alone can’t stop an attack like this because the attack originates inside the dealership's secured network from an employee email. These email attacks are targeted and are designed to look as if it were sent from within the dealer or group organization.
Attacks like the one described above are called "Spear Phishing" attacks.
There are ways to reduce risk and to prevent them, Nachbahr recommends that dealerships verbally verify all requests for wire transfers. He also recommends dealerships have a cyber-liability insurance policy in place. Employees should be trained on cyber warfare tactics, he said, and all software patches from each system's publisher should be regularly updated.
For more information about dealership cyber security you can contact Helion at 443-541-1500 or visit http://www.heliontechnologies.com.
About Helion Automotive Technologies
Helion...Putting Your Dealership in the FAST LANE! Helion Automotive Technologies is a leading IT solutions provider, providing auto dealers with faster, more efficient networks and secure data protection. From managed services to IT assistance and service desk help, Helion offers both short-term IT fixes and long-term planning so dealers can focus on what matters most: selling more cars. Helion has specialized in IT for more than ten years and works with 650+ auto dealers nationwide. Dealers can request a free assessment of their IT needs at www.heliontechnologies.com.