Why Cybercriminals Target Dealerships

First published on Fuel.reyrey.com.

Dealerships are prime targets for cyber attacks and many auto dealers fail to realize the gravity of this truth. Some consider cybersecurity as just another expense. However, cybersecurity is a critical business practice that will only become more vital for dealerships as cyber attacks become more common and more complex.

Cybercrime has evolved so much over the years and cybercriminals are no longer just some hacker in a dark basement who works alone to break into systems and networks. Many cybercrimes are carried out through organized groups of well-funded, full-time criminals who work together to completely overtake an organization’s network.

Why do cybercriminals target auto dealerships?

Think about all the data that’s collected and stored at your dealership. You have names, addresses, phone numbers, and email addresses all in your CRM. You’ve got bank information and social security numbers collected in F&I. Employees’ usernames and passwords are stored within your system.

To put it simply, your day-to-day operations require that you store private information for thousands (if not tens of thousands) of customers and employees. Dealerships have what cybercriminals are looking for: 1) tons of private information and 2) IT systems/policies that tend to be outdated or not a top priority.

What do cybercriminals want?                                        

Like most criminals, cybercriminals are motivated by money and have several ways of getting it from dealerships.

These criminals can steal your customer and employee data and sell it on the dark web. Personal data is highly valuable. There’s no end to what someone can do with your private information; they can make purchases with your money, use your social security number to receive free medical care, and much more. If a cybercriminal can get access to enough sellable data, they can make thousands, or even millions, on the dark web.

Another common way for them to get money is through wire fraud. Frequently, this occurs through sophisticated phishing emails. For example, the cybercriminal poses as an executive and sends someone in the accounting office an email containing a wire request. To the accounting person, the email looks legitimate, so they comply and wire the money.

Ransomware attacks are another common way cybercriminals can use your business to make money. This highly damaging attack encrypts the data on a computer or network with a password set by the attacker. The attacker then offers to unlock the data if the dealership pays the ransom and will often threaten to leak the data and notify customers if payment isn’t received (further increasing the pressure on the business to pay the ransom).

How to stay out of the line of fire.

Just because auto dealers are prime targets for cybercriminals doesn’t mean your dealership has to become their next victim. Being proactive with cybersecurity saves time, money, resources, and your reputation. To ensure you’re as protected as possible, you’ll want a trusted team of experts on board: people who are professionally trained in automotive cybersecurity, can monitor your systems 24/7/365, and provide comprehensive cybersecurity systems and trainings.

Remember, just because it hasn’t happened yet doesn’t mean it won’t.