50 Comments

  1. 1

    Chris Morgan

    As a cyber professional who works with blue and red teams, I see the evolution of these tools on an almost daily basis sometimes. The most dangerous thing you can do is drag your feet. With attacker tools evolving as fast as defender tools, it is not hard to image dealerships getting behind quickly if they do not stay relevant.

    Reply
    1. 1.1

      Kristi Hynes

      Cyber crime will continue to rise as hackers continue to get more and more sophisticated. As the article recommends, it’s crucial that IT departments make sure they have a robust defense in depth program. It’s also important that the CISO ensure protections are updated to match the continuously changing threats. Without the defenses being updated in real-time, sophisticated hackers will be able to infiltrate the network and cause havoc in your system.

      Reply
    2. 1.2

      Richard White

      Chris,

      Thank you for the comment. Procrastination is indeed the enemy when the focus is cyber.

      Reply
  2. 2

    Sarah Scott

    The threat of hackers and vulnerable PII of customer and company data is as prevalent as ever, as mentioned in the article with the emergence of technology rapidly evolving. Without a cyber security strategy and implementation plan in place with proper procedures to follow, any business can expect to face attacks that may be devastating. The recommendations provided are great solutions to address increases in cybercrime which will inevitably happen over time.

    Reply
    1. 2.1

      Richard White

      Sarah,

      Thank you for you comment. Great insight regarding a cyber strategy.

      Reply
  3. 3

    Raquel Lewis

    I like the term cyberpunks. Would this term mean the same as script kiddies? Great article overall and a clear breakdown of motives for hackers.

    Reply
    1. 3.1

      Richard White

      Hi Raquel

      Me too… and yes, in general, the two are the same.

      Reply
  4. 4

    Owen OHare

    As an instructor for IT & Network Defense, I think this is a fantastic Article! The writer is completely correct and honestly the situation is getting worse.

    New programs and kits, Kali Linux being a great example, of how streamlined and simplistic things can get for newbies or “Script Kitties”. I say this because these people new to the community, have easy access these very powerful tools and kits, yet have no real idea how to use them.
    Which would be fine, because the train of thought would be “hey they do not know how to use them so they can not do harm”.
    Well that is where the easy access to online forums and how-to-manuals comes in real handy.

    Hell, if the user was very determined to really learn how to use these programs to a key, they can work towards the Ethical Hacker certification or go on the dark web via TOR (which is not hard to do nowadays) and learn from the best.

    Sincerely believe, that these problems such as ease of use, ease of access and abundance of material is one of the big problems we face today.

    -Owen

    Reply
    1. 4.1

      Richard White

      Owen,

      Thank you for the comment. I agree that the issue is getting worse both in frequency and success rate. The Ethical Hacker is a great recommendation for these folks but is often not extreme enough nor does it give the bad actor the notereriety that is sometimes being sought.

      Cheers,

      Rick

      Reply
  5. 5

    Rob Satterfield

    This is a great article about something not everyone thinks about for cybersecurity. Car dealerships sell cars, so why do they need to be secure? Anyone that’s bought a car knows that you have to give a wealth of PII, which could be very valuable to hackers.

    Reply
    1. 5.1

      Richard White

      Hi Rob,

      Thank you for your comment and your pragmatic example of why auto dealerships must be secure.

      Cheers

      Reply
  6. 6

    Jenny Goldston

    To get ready to address any digital security dangers, dealerships ought to adjust security going through with the particular dangers recognized in the hazard assessment, and spotlight on financially savvy measures. Having an organized rundown of dangers enables a dealership to concentrate on efforts on areas that matter most and abstain from spending on security technologies or exercises that are less fundamental or irrelevant to fixing recognized issues.

    Reply
    1. 6.1

      Richard White

      Hi Jenny,

      Great comment. Yes, the Risk Assessment is a great way to illuminate the actual risks being faced, as well as help develop a strategy to mitigate risk.

      Reply
  7. 7

    Jason Sproesser

    Staying vigilant and adaptable are the best countermeasures you can have to mitigate risks associated with cyber threats. The auto sales industry must focus on the cyber solutions more than most industries. In any one transaction at a dealership, a person can have all of their valuable information exposed and jeopardized based on the conducted transaction. In purchasing a vehicle, you are required to provide almost every element of your PII, as well as information regarding your financial institution for down payments and credit checks. The solutions provided within this article are excellent ways for dealerships to remain vigilant and adaptable to protect consumer information and organizational reputation. Failure to protect information provided to you by an entrusted customer is a recipe for organizational extinction.

    Reply
    1. 7.1

      Richard White

      Jason,

      Thank you for your comment. I agree that staying vigilant is key when discussing cyber threats. Again, thank you for the pragmatic look into why it is so very critical that dealerships remain cyber vigilant and cyber secure.

      Reply
  8. 8

    Nick Lee

    As an individual who is getting ready to begin his career in the cyber field, an article such as this one is a great example of the evolution of hacking tools and techniques, along with the money invested, to make our systems as secure as possible. My biggest takeaway from the post, has to be the cyber legislation and the amount of funds and time put into this project.

    Reply
    1. 8.1

      Richard White

      Nick,

      Thank you for your comment. I always try to not cyber laws and proposed legislation in most articles I write. I think that by doing so the reader can get a sense of what’s on the horizon.

      Reply
  9. 9

    Tenisha Carter

    Having 24/7 eyes on the network is major and will help protect against the threat of hackers. Organizations will benefit from using MSSP, becasue not only will the network be watched around the clock, but they will benefit from less downtime, saving cost and saving their reputation.

    Reply
    1. 9.1

      Richard White

      Tenisha

      Thank you for your comment. I support any business having an MSSP duppprting their cyber program. There is definitely a cost and brand savings attached.

      Reply
  10. 10

    Dane Beichter

    I will admit that I hadn’t considered an auto dealership to be a tempting target for hackers. However, I now realize that they volumes of personal information that they handle for everything from verifying proof of insurance to full on credit reports is ripe for hackers. Perhaps, as hacking evolves, cyber security will have to address business functions that had not been previously considered as tempting or vulnerable.

    Reply
    1. 10.1

      Richard White

      Dane,

      Thank you for your comment. My thought in writing this article is that it is really all about customer data and PII. And I can think of very few businesses that take in so much in frequent well-defined bunches.

      Reply
  11. 11

    Tiffany Winn

    Your suggestion of utilizing a Managed Security Service Provider is genius for so many reasons. First, it provides security experts that will work for you at a fraction of the cost. Secondly, it provides your organization with a larger security footprint that can assist in expansion. Lastly, it provides advanced monitoring and 24/7 assistance.

    Reply
    1. 11.1

      Richard White

      Hi Tiffany,

      Thank you for your comment. Glad we agree on the MSSP.

      Reply
  12. 12

    joseph franklin

    In addition to hacking tools the emergent of virtual machines, web services, and VPN’s that provide various points of presence allow a cybercriminal to obfuscate their path. This adds complexity to the problem when trying to track down the culprit. This article clearly outlines the different level of hackers and different tools they use. The mitigation techniques provide a great starting point to protecting a company’s networks against an attack.

    Reply
    1. 12.1

      Richard White

      Hi Joseph

      Thank you for your comment. I appreciate your insight regarding the tools and complexity – great note regarding obfuscation.

      Reply
  13. 13

    Sincerus A. Kingsly

    As a Cybersecurity Practitioner, I do believe that today in 2018, PII needs to be gaurded more than ever. Everyday hackers are coming up with more and more sophisticated was to access an individuals data. Yes, we have the newbie hackers, or script kiddies, who really don’t know how the network really works and just want to hack just to know that it can be done, These ego driven hackers are very clever because they are constantly learning new was to hack systems, and what is the best way to learn? To hack. I can recall when hacking wasn’t a bad term at all, companies hired penetration testers to basically hack into the network to see how hardened the network actually was. More advanced hackers are committing crimes by accessing data for their own malicious intent, stealing data such as credit card information and social security numbers, PII.

    Where the auto industry is concerned, if we look around us, we see thousands of automobiles emerging that are so called “Smart Cars”. Practically everything in the vehicle is connected to a computer and the onbaard GPS to a satellite somewhere in the universe.. Like you stated earlier, a lot of hackers hack for a “ego-driven” purpose. This also means that these types of hackers are going to go after whats popular, just to say “I did it”. For instance, do you remember when Apple became really popular and then the APP store was hacked on September 20th 2015? hackers are now accessing cars and most are doing it for the ego, “It would be interesting if i can hack a car”. I’ve seen numerous videos where hackers hack into vehicles and steer the vehicle. Vehicle owners are now storing personal data in their vehicles databases such as contact lists and appointments such as doctor visits. Now imagine If someone can access the vehicles database and obtain that individual’s doctors appointment and then go further by hacking into the doctor’s office’s network and then accessing that individuals patient information, this information can be used in many malicious ways. really scary.

    Reply
    1. 13.1

      Richard White

      Sincerus

      Thank you for your comment. Funny that you mention car hacking. I just very recently wrote an article about how to weaponize a self-driving vehicle and noted the cyber implication that go along with. More to come on that….

      Reply
  14. 14

    Jenny Goldston

    To get ready to address any cyber security dangers, dealerships ought to adjust security going through with the particular threats recognized in the risk evaluation, and focus on practical measures. Having an organized rundown of threats empowers a dealership to concentrate its efforts on the areas that matter most and abstain from spending on security technologies or exercises that are less essential or insignificant to fixing identified issues.

    Reply
    1. 14.1

      Richard White

      Hi Jenny,

      Again, thank you for your thoughts. I can without a doubt agree with you. Any organization should always focus on the pragmatic first. Then if necessary the complex, obscure, and maybe even the esotaric.

      Reply
  15. 15

    Dane Beichter

    The importance of cybersecurity cannot be overstated, regardless of industry or economic sector. While many may not see automotive dealerships as targets, one must consider the number of times they access sensitive financial and credit information on their customers. Add to that the POS terminals in most parts and service departments, and they are tempting for hackers. It appears that investing in security is becoming a cost of doing business.

    Reply
    1. 15.1

      Richard White

      Dane

      Thank you again for your comments. Agreed PoS systems are valuable indeed…. just ask Target, TJ Max, and many many others.

      Reply
  16. 16

    Anita A-Saunders

    As you mentioned in your article, all businesses and organizations have to follow strict laws and regulations regarding cybersecurity. An example of this is Congress, who takes time to evaluate and approve new bills.
    The good guy cannot use any unlawful methods or tools, but hackers are free of any restrictions and utilize numerous techniques and technology to circumvent the rules. Therefore, cyber criminals are always a few steps ahead of everyone.
    In order to better protect our e-assets, we need to convince the Senate to move faster and make the right decision, in this lose-lose situation.

    Reply
    1. 16.1

      Richard White

      Anita,

      Thank you for your comments. The good guys are always fighting with one arm tied. Great insight!

      Reply
  17. 17

    John Jewett

    I strongly recommend the contracting of a Managed Security Service Provider for any small to medium sized company that does not have an in house capability. These days cyber crime is within the capabilities of even the more novice “hacker” types. Sadly, an attackers goal of locking out a company’s computers and data with ransomware in order to make money end up costing the company several times what it will pay in lost productivity. A recent Datto survey pegged the costs of a ransomware attack at $8,500 per hour for most small to mid sized businesses. Even worse, the effects generally cause closure of the company 20% of the time. If you’re concerned you don’t have sufficient defense in depth organically, sub-contract it immediately.

    Reply
    1. 17.1

      Richard White

      John,

      Thank you for your comments. We are very closely aligned regarding our thoughts on the usefulness of an MSSP.

      Reply
  18. 18

    Christopher Kuchera

    With the evolution of hacking capabilities, and technology in general, no one is really 100% safe from cyber attacks anymore. This article really provides a good insight into the capabilities and motivations for hackers, and provides excellent mitigation strategies for these hackers.

    Reply
    1. 18.1

      Richard White

      Christopher

      Thank you for your thoughts. I appreciate your comments on the article as well.

      Reply
  19. 19

    April Howard

    Great article on the necessity of a business understanding hacker types and their objectives when considering cybersecurity strategies. The advances in hacking tools and techniques is daunting and the Senate’s inaction is quite unfortunate.

    Reply
    1. 19.1

      Richard White

      Hi April

      Thank you for your comments and pragmatic insight.

      Reply
  20. 20

    James H

    This is a great article. It is well intention that the bottom line remains clear that hackers are evolving at an exponential rate. I would perhaps argue that options with artificial intelligence and the implementation of software defined networking would assist in the fight to stave off the wave of attacks. Hackers, regardless of their financial backing have what most desire most, time. They have the time to determine their “zero day,” that which the “protectors” fear most.

    Reply
    1. 20.1

      Richard White

      James,

      Thank you for your comments. Great insight regarding AI, but I wish I could disagree… but I simply can’t. Also, appreciate the Zero-day aspect. Thanks for contributing.

      Reply
  21. 21

    David Prylo

    This article accurately detailed how a defense-in-depth strategy, Managed Security Service Providers (MSSPs), and various cybersecurity tools such as firewalls and security information and event management (SIEM) tools can be used by automotive dealerships to improve their security posture. In my opinion, it is financially unfeasible for most dealerships to try and build their own successful cybersecurity suite of personnel, tools, and policies. Dealerships that belong to larger corporations like GM or Ford should look to inherit their security controls from their parents organizations. Local, non-affiliated dealerships would likely find it more cost effective to contract a third-party MSSP for their cybersecurity needs. The MSSP could manage the cybersecurity of the dealership’s internal database as well as the security aspects of its customer-facing website and mobile applications.

    Reply
    1. 21.1

      Richard White

      David,

      Thank you for your comments. Excellent thoughts regarding MSSPs and how dealerships can benefit from them. I also appreciate your thoughts regarding the inheriting of security controls from parent organizations – makes cyber more manageable and centralized.

      Reply
  22. 22

    Robert Ada

    A 2016 SC Media article, Auto dealerships database leaked unencrypted PII, reported that “Security researchers discovered millions of car dealership customers’ information leaking from an online database. The leaked data originated from a database product known as LightYear.” This breach provided the full names, addresses, phone numbers, social security numbers, payroll data, and other customers’ and employees’ information. Although this was not due to hackers, luckily it was security researchers who discovered it. The ramifications would have been devastating if a hacker got a hold of this treasure throve of PII. For example, financial loss from customer and employee lawsuits, interruption of business operation, loss of reputation.
    Whether the auto dealership is large, medium, or small, the instant they connect their business online, they are accepting the risk of their information system being hacked. Dr. White is on point with his recommendation for “dealerships develop a plan to detect and correct these events in near real-time.” He provides excellent information security options that are affordable for a wide range of auto dealerships; the 4th generation security information and event management tool and a Managed Security Service Provider for 24/7 eyes on their network. Automotive dealerships should heed this article!

    Reply
  23. 23

    John Jacobs

    Given the complexity of the hacking community and the sophistication and continuous evolution of hacking tools, it would be very advantageous for agencies to work together to develop technologies that can quickly detect intrusions. Also, stating that proper backups would be needed is an excellent point, especially since every attack may not be detected in time to thwart damages that could interrupt the business continuity of an organization.

    Reply
    1. 23.1

      Richard White

      Hi John,

      I agree! Teamwork is key if any organization wants to move the security needle. I always try and mention the importance of backing up critical data. Back up, Back up, Back up! Thank you for your contribution.

      Reply
  24. 24

    Joslyn Bartels

    Assets that are critical to a business or organization must be protected from cybersecurity vulnerabilities. Security countermeasures against known and emerging cyber attacks are continually evolving, expensive and difficult to keep up with. Involving the services of an MSSP plays a vital role to help safeguard investments, sensitive data as well as meet compliance regulations.

    Great article.

    Reply
    1. 24.1

      Richard White

      Hi Joslyn,

      Thank you for your comments and contribution. We are indeed aligned regarding the adoption of MSSP services.

      Reply
  25. 25

    Richard White

    Hi Robert,

    Thank you for your comments. Excellent note regarding LightYear. I even note that specific dealership leak in a previous article. In short, lot’s of valuable data could have been potentially compromised. Thanks for the MSSP validation and kind words and support.

    Reply
  26. 26

    Sean Lohr

    Good article. It’s a shame that the nine cybersecurity bills can’t get through Congress. How many compromises must occur before this becomes a higher priority? Good points on cyber-attacks against the auto industry. Protecting the information is key for any business, to include the auto industry, to ensure both private company and customer data is kept private.

    Reply

Leave a Comment (We Greatly Value Your Input)

Dealership-specific comments or reviews regarding sales or services should be posted on Yelp, Google, etc. where they are frequently monitored and addressed.

Your email address will not be published. Required fields are marked *

Related Articles

© Copyright 2019       All Rights Reserved       View Legal Notice