Proactive Cyber Defense and Rapid Incident Response
Our CyberOptic platform does it all
Whether you need to harden your security posture to prevent being the next cyber victim or you find yourself in the middle of a cyber attack, Proton has the experience, technology, and skills to handle your dealership cyber security needs.
ENDPOINT DETECTION & RESPONSE (EDR)
Internet-connected devices such as desktops, laptops, mobile devices, printers, and point of sale (POS) terminals require extra protection, as each of these endpoints can be targeted by a hacker to gain access to the network with potentially devastating consequences. According to industry research, a single compromised endpoint will cost a dealer $763 on average. For effective protection against advanced threats, dealerships need to supplement traditional endpoint security in the form of an anti- malware suite with an endpoint detection & response (EDR) solution.
SECURITY AWARENESS TRAINING
Auto Dealerships need to address what is usually the weakest link in an organization’s cyber defenses: the people working there. Clever threat actors don’t hack machines; they hack people, using various forms of psychological manipulation known as social engineering. Social engineering attacks like phishing are incredibly successful, forming the first stage in 93% of cyber attacks that result in a security breach. The reason? Employees don’t know enough about social engineering attacks to recognize one when they are at the receiving end.
PASSWORD MANAGEMENT
Poor password management is putting many auto dealerships at risk. In 2020, hundreds of auto dealerships were hit by cyber attacks because threat actors cracked employee passwords. In order to prevent this from happening, dealerships should implement a proper password policy.
PATCH MANAGEMENT
One major risk to dealerships stems from security flaws in operating systems, applications, and hardware components that threat actors can exploit to break into computer systems. A recent report showed that unpatched vulnerabilities accounted for 57% of security breaches affecting mid-sized companies and this percentage is unlikely to be lower for smaller firms. In order to reduce their risk, auto dealerships need to implement a patch management strategy ensuring that security fixes for discovered vulnerabilities are installed in an organized, timely manner. This is easier said than done, since the overwhelming number of vulnerabilities published each year (over 17,000 in 2018) can make it hard to see the forest for the trees.
EMAIL SECURITY
Email is the cornerstone of modern business communication. A typical dealership relies on it for thousands of transactions and activities every month. Yet few dealers spend much time or focus on the security and integrity of the system. A dealership email server should be a modern robust platform such as Office365 Exchange or Google GSuite. The email server should also have an additional layer of spam filtering and advanced threat protection. Business email compromise attacks are the leading cause of network infiltration.
FIREWALL MANAGEMENT
Firewalls reduce cybersecurity risk by identifying and managing potential threats to the dealership. Firewalls should incorporate threat management solutions that enable analysts to identify potential threats and define and implement mitigations to address them. be placed on which traffic should be allowed to and from the organization’s network. When data is transmitted across a network, it is broken down into small units called packets that contain information about the source IP address, the destination IP address, and the contents they are carrying to the destination, where they will be reassembled. In order to block malicious incoming traffic and illegitimate outgoing data transfers, auto dealerships need to have a robust properly managed firewall to handle these security tasks.
BACKUP & DISASTER RECOVERY (BDR)
Even a mature cyber security program will not and simply cannot provide complete security for a variety of reasons, including the fact that any computer program and any hardware device may at any time be vulnerable to attacks that have not been publicly disclosed. Because threat actors are constantly probing computer systems in hopes of finding new security flaws to exploit, dealerships can never be 100% sure that their devices and data are safe. This makes it crucial for auto dealerships to implement a solid backup and disaster recovery strategy that will enable them to recover their systems in case a ransomware attack or another cyber security disaster leaves them without access to important data and/or applications.
NETWORK SEGMENTATION
Auto dealerships should also divide up their network into smaller, separate elements, or subnets, to make sure that, if a threat actor manages to gain a foothold in the company network, they will have a hard time moving across the
network and accessing valuable assets. This can be achieved through network segmentation.
INTRUSION DETECTION & PREVENTION SYSTEM
In addition to filtering incoming and outgoing traffic, dealerships need to put a solution in place to monitor what happens on their network, so that malicious activity does not go unnoticed. This is where an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) can make all the difference.
IDS vs IPS
An IDS is a somewhat more basic solution than an IPS. The former will only monitor traffic and alert a system administrator when it notices something suspicious, while the latter will also try to block any malicious activity it registers. An IDS or IPS solution should monitor traffic coming into the network, as well as traffic within the network, and must be carefully configured to avoid it raising many false positives. Both solutions can come in the form of a hardware device that needs to be physically connected to the network, or as a software program.
As Seen on Automotive News
When Arrigo Auto Group got hit by hackers, they called Proton. Our team immediately began the process to secure the dealership network, extricate the hackers, and restore dealership operations.
