fbpx

Cyber Security Basics

by | Aug 30, 2024 | Variable Ops | 0 comments

Cyber Security Basics

Written by Doug Peterson and Geoff Wisman

One of the most common questions dealership owners ask us revolves around how to prevent a cybercrime from destroying their business. While we have plenty of advice to give on this topic, we thought it would be more appropriate to go directly to our cyber security expert partner, Geoff Wisman of Summit Solutions. Geoff and I had a great conversation about the insights into the current cybersecurity landscape and how it pertains to the dealerships.

What are the top three ways cyber criminals are attacking dealerships?

  1. Ransomware: This remains one of the most prevalent threats. Cybercriminals are increasingly targeting dealerships with ransomware, as the disruption to operations can compel businesses to pay the ransom quickly. The attacks are becoming more sophisticated, with attackers often spending time inside a network before encrypting data, which allows them to maximize their impact.

     2. Phishing: Phishing attacks continue to be a significant threat vector. These attacks often target employees through email, masquerading as legitimate communications. We’ve seen an increase in the use of targeted phishing campaigns (often called spear-phishing) where attackers gather information on the dealership to create convincing and personalized messages.

     3. Business Email Compromise (BEC): This type of attack involves scammers posing as trusted partners or executives to trick employees into transferring funds or divulging sensitive information. It’s a growing concern due to its high success rate and the substantial financial losses it can cause.

What are the top three strategies a dealer needs to consider to defend against cybercrimes?

  1. Employee Training and Awareness: Ensuring that all employees are trained to recognize phishing attempts and other social engineering tactics is the first line of defense. Regular training sessions and simulated phishing exercises can significantly reduce the risk of an employee falling victim to these attacks.

     2. Multi-Factor Authentication (MFA): Implementing MFA across all critical systems and accounts is essential. Even if a cybercriminal obtains a password, MFA can prevent unauthorized access by requiring an additional verification step.

     3. Regular Backups and Incident Response Planning: Regularly backing up data and having a robust incident response plan in place are critical. In the event of a ransomware attack, having secure, recent backups ensures that you can restore operations without paying a ransom. Additionally, an incident response plan allows your team to act swiftly and effectively during an attack.

    Has the frequency of cybercrimes leveled off or cooled down any?

While some may hope that cybercrimes are leveling off, the reality is that the threat landscape continues to evolve, especially in industries like automotive dealerships where valuable data is at stake. 

How does Summit Solutions differentiate from other cyber security firms?

At Summit Solutions, we’ve seen that cybercriminals are constantly adapting their methods, making it critical for dealerships to stay ahead. Our Cyber Awareness Training or AP2T is our first product to market and will always remain a cornerstone in our approach to cybersecurity. By educating employees on recognizing and responding to threats, we help reduce the risk of human error, which is a common entry point for cybercriminals.

To complement this in the future, our Compliology platform is designed to help dealerships not only stay compliant with regulatory requirements but also enhance their overall security posture. Compliology offers continuous monitoring and automated updates to keep your defenses strong.

Additionally, our Dealership Management System (DMS) when launched will work seamlessly with these tools, streamlining internal processes while ensuring maximum protection for both the dealership and its customers.

What sets Summit Solutions apart is our unwavering commitment to security. While we aim to make processes more efficient, we never sacrifice security for the sake of ease—a trade-off that is all too common in other programs. As I always say, “True security cannot be guaranteed as an absolute state; it’s the strategic balance between proactive vigilance and agile response that ensures a business’s resilience and continuity in the aftermath of a data breach.”

Together, these solutions provide a robust defense against the persistent and evolving threats in the cybersecurity landscape, ensuring that your dealership remains both secure and efficient.

If you are interested in learning more about protecting your dealership from cybercrimes, please reach out to a DealeRisk team member today!