By Erik Nachbahr, President and Founder Helion Technologies Cybercrime poses a constant threat to businesses and their customers, with criminals committing fraud by stealing identities or using phishing to illegally gain access to a company’s computer network. In recent years, cybercriminal attacks have caused major consumer information breaches at retailers, on social media platforms, and with credit information providers. Seventy-four percent of companies have been the targets of attempted or actual payments (check, wire, or ACH) fraud. The pace of attack increased in 2020, with two-thirds of companies reporting an increase in fraud attempts since the COVID-19 crisis began.2 And anti-fraud professionals are almost unanimous in predicting an increase in fraud.2 Cybercrime attacks — from ransomware to payments fraud — show no sign of going away. “Many dealers don’t think hackers are looking at them,” explains Erik Nachbahr, Certified Information System Security Professional (CISSP) and President and Founder of Helion Technologies, an IT/cybersecurity services provider exclusively serving the needs of auto and heavy truck dealers. “Dealerships are increasingly a target of cyber threats with their high volume of large dollar transactions and lack of digital security.” As criminals develop more sophisticated cybercrime techniques and states implement stricter consumer privacy legislation, cybersecurity and data protection should be top priorities for dealers. That means heightened security to ensure data privacy, combat potential attacks, and mitigate losses. According to the 2021 IBM/Ponemon “Cost of a Breach Report,” it takes an average of 287 days to identify and contain an attack. Data breaches that took longer than 200 days to identify and contain cost an average of $4.87 million, while those that took less than that cost an average of $3.61 million. Lost business accounted for 38% of the overall cost, including increased customer turnover, lost revenue from system downtime, and additional marketing expenses to overcome damage to the business’s reputation.3 Key Dealership Cybercrime Threats Dealerships generally have a complex technology architecture that makes cyberattack protection challenging. “Many dealership computer systems have hardware added in a one-off manner, are built without a complete system plan, and utilize older, outdated software. In some cases, they underpower their virus protection by using freeware software. Further, weak security protocols that allow user account sharing can undermine a dealer’s business,” Mr. Nachbahr explains. Increasingly sophisticated ransomware attacks targeting dealerships are on the rise. “These criminals know dealerships have money and are aware of dealer vulnerabilities. That makes dealerships a lucrative target,” continues Mr. Nachbahr. “The attacks aren’t typical automated intrusions; they are enterprise-grade attacks with live hackers combing through a dealer’s systems. Because dealers have many, disparate components and don’t tend to use standard protocols, once their systems are exploited, the breach is difficult to fix.” Other cyber threats focus on personally identifiable information (PII) which can be stolen and resold to bad actors. Forty-four percent of data breaches included customer PII, making it the number one type of data stolen.3 Dealerships regularly handle vast amounts of PII, particularly financial information, so it’s no wonder they’re an attractive cybercrime target. In today’s environment, protecting dealership computer systems and their customer data is essential. “As cybercriminals are becoming increasingly adept, more dealers are realizing an attack could be a ‘business-ender.’ Forward-thinking dealers are investing in technologies that protect against these full-scale attacks. Information technology security is now being viewed as a priority, not simply an expense to be controlled,” states Mr. Nachbahr. Identify Threats and Build Defenses Is Your Dealership Prepared to Deal with Cybercrime? 18
RkJQdWJsaXNoZXIy MTg3NDExNQ==