Hackers are increasingly attacking small businesses, including auto dealerships, because many of these operations lack tight data network security-monitoring systems.
For instance, hackers broke into a Kansas dealership's accounting system, set up a number of phony employees and siphoned away a fast $63,000.
By accessing dealership bank accounts, hackers can set up bogus accounts, first transferring, then absconding with dealership funds.
Because of their vulnerability, small businesses are more attractive to cyberthieves than are big operations. While potentially more lucrative for hackers, bigger enterprises typically will use robust computer-security systems to stop such crimes.
“The same data dealers need to run their business is treasure for hackers,” says Terry Dortch, president of Automotive Compliance Consultants. “They steal customer identity and business data.”
A skilled hacker “has no problem breaking through a dealership's typical firewall systems to steal critical and valuable data,” he says. “Without a system in place that will detect and stop cyber attacks, the dealership is a sitting duck.”
Small businesses lost $8 billion in 2010 to identity theft, according to a Jevelin Strategy & Research study. Smaller businesses “are low-hanging fruit” to hackers, says Jevelin research analyst Phil Blank.
Dortch cites dealership vulnerability in the following areas:
- Theft of bank account numbers and customer information contained in the data and documents that flow through the dealership network.
- Exploitation of the network, including the dealership phone, DSL, cable or TI lines that eventually link external networks to internal desktops and laptops and their connected systems. Hackers use these external access points to enter the internal network.
“This exploitation and theft happens quietly and can go on for some time before detected,” Dortch says.
Off-the-shelf malware and anti-malicious code software can help protect the dealership from these criminals, “but in most cases more sophisticated network monitoring and security will be warranted, especially given the volume of financial transactions that occur on a dealership network daily,” he says.
Federal Trade Commission regulations hold dealerships responsible for protecting customer data.
Larger dealerships, especially publicly owned groups, have their own security measures. Many security-conscious smaller dealerships opt for outsourcing.