Proactive dealers and vendors can protect their companies from cyberattacks, such as those that recently struck CDK Global and Findlay Automotive Group, which has over 33 locations and about 2,300 employees.

But the time to act is now because more cyberattacks, specifically against dealerships, are likely coming soon.

“The CDK attack opened the door to other hackers,” Terry Dortch, CEO of Automotive Risk Management Partners, tells WardsAuto. “We know the Findlay breach occurred because of phishing events. Dealers need to be aware for the next 90, probably 120 days, they will have increased phishing attacks.”

So, dealers need to be extra cautious when they receive emails, especially those that purport to be from CDK. They may well be from hackers pretending to offer solutions or services from CDK or other well-known vendors.

After two attacks in one week, CDK cautioned customers that fraudsters were posting as members of CDK and its partners.

Dealers should realize that hackers generally don’t target one industry, though the CDK breach will likely spawn a flurry of hackers targeting auto retailers. Hackers have computer programs that search for open ports that allow them to gain access to businesses.
“All they want is an open port,” says Dortch. “They don’t know if the port belongs to (a small business or private person) or CDK.”

What they do know is that they can demand millions of dollars in ransom. The hackers that targeted CDK are a group that has been in existence for about a decade and obtained about $100 million in ransomware attacks throughout the world, Dortch says.

Dortch notes that hackers do not look for customer information or data because that makes them more vulnerable to discovery.

Although such ransomware attacks have not been commonplace, “the reality of it is, a dealer that doesn’t take action is eventually going to get hurt,” he says. That’s increasingly true as AI and other technologies become commonplace.

Dealers who want to be proactive must run regular vulnerability scans and penetration testing to identify vulnerable entry points on their infrastructure.
“Dealers need to not just run them but pay attention to them,” he says. “Some dealers do these (tests) frivolously and don’t even know why they are doing them. A lot of dealers run these tests and never look at the results. If they do them correctly (and analyze the results), they greatly reduce their potential for problems.”

Steps Dortch recommends dealerships take include:

• Conduct automated breach penetration tests.
• Expose systems and processes to monthly vulnerability scans and audits.
• Take corrective action immediately on issues related to electronic information handling.
• Plan for remediation actions where necessary.
• Expose systems to dark web scanning and attack surface platform analysis.
• Protect passwords, re-issue logins occasionally and use caution when plugging USBs, disks, backup drives and other devices into your PCs and network.
• Treat smartphones, laptops and tablets as attractive assets for data thieves.
• Establish strict rules for how these devices will leave the dealership’s premises and how they will be protected when taken offsite. Have written data protection and compliance policies that spell out how these basics will be applied.
• Conduct ongoing physical and digital deal jacket audits.

And don’t limit your security checks to electronic information, he says.

“It amazes me how many dealers remain lax about managing deal jackets, leaving them exposed in the F&I office or, for lack of proper storage, stacking them in the customer lounge. Paper documents, from completed deal jackets to service records and deal worksheets, are rich with personal and financial data,” Dortch adds. “Anyone with a malicious spirit and camera phone wandering the store can quickly capture this information – and will rarely be observed doing so.”

As a reminder, the FTC Safeguards Rule requires non-banking institutions, including car dealers, to report breaches involving unencrypted information that impact 500 customers or more.