close
close

Preventing Further Cyber ​​Disruption in Troubled US Automotive Sector

Posted on by darion

Tesla faces growing competition in the electric vehicle sector, with a growing number of Chinese manufacturers as well as traditional car companies such as General Motors and Volkswagen – Copyright AFP/File SAUL LOEB

Many North American car dealerships have been hit by cyberattacks. Faced with severe disruptions, many have turned to pen and paper to keep their businesses afloat. The cyberattacks targeted a company whose software is widely used in the automotive retail sector.

Mike Toole, Blumira’s Chief Security and IT Officer, takes a look at the incident and begins by describing what happened during the attack: “As of June 9, car dealerships handling sensitive customer financial information must comply with the updated FTC Safeguards Rule.”

However, the lessons learned should lead to a stronger automotive sector: “This new rule provides an opportunity for the industry to come together, share best practices and ultimately strengthen individual organizations’ cybersecurity postures.”

But how do you approach these necessary improvements? Toole advises: “For decision makers at car dealerships wondering where to begin implementing solid safety measures, here are some industry best practices to consider…”

Toole offers the following ideas:

Identify key suppliers and systems

  • Inventory: Conduct an inventory of all third-party systems used in your dealership.
  • Critical Systems: Assess which supplier systems are critical to your day-to-day operations (e.g. DMS, CRM, inventory management). Prioritize these systems based on their importance and potential impact if breached.

Assess security measures

  • Supplier Security: Check if your suppliers have basic cybersecurity measures in place. Ask them about their security practices and if they have any certifications (e.g. ISO 27001).
  • System security: Make sure your critical systems are protected with strong passwords, regular updates, and antivirus software.

Limit blast radius

  • Network Segmentation: Divide your network into separate segments. For example, separate sales and finance systems. That way, if one part of your network is compromised, the others remain safe.
  • Least privilege: Apply the principle of least privilege to supplier access to your systems. Use multi-factor authentication (MFA) wherever possible. Regularly review and update access controls for supplier accounts.
  • Monitoring: Monitor supplier systems and implement mechanisms to detect and respond to threats.

Backup and recovery

  • Regular Backups: Ensure that all critical data is backed up regularly. Store backups in a secure, off-site location that is still easily accessible. Consider having redundant systems or alternate vendors for critical functions.
  • Recovery Plan: Create detailed business continuity plans for each critical supplier system. Establish alternate processes or manual workarounds for key functions.
  • Testing: Test and update these backup processes once a year.

Toole adds, “As your business adapts to these policy changes, it’s critical to view the new rules through the lens of collective progress. Every new safety measure implemented, every lesson learned from the simulation, and every collaborative effort among dealers contributes to the overall resilience of the automotive industry.

His final piece of advice is: “Looking ahead, the true measure of success won’t be avoiding every possible threat—an unrealistic goal in today’s digital world—but how quickly and effectively you respond when challenges arise. By fostering a culture of openness, continuous learning, and mutual support, decision-makers in car dealerships can protect their individual businesses and strengthen the entire automotive ecosystem. In this way, industry leaders can protect operations and strengthen customer trust.”