Dealers vulnerable to hackers, survey warns
June 20, 2016
Shah Sheikh (1294 articles)

Dealers vulnerable to hackers, survey warns

A new survey suggests some dealerships could be vulnerable to cyberattacks that endanger the personal information of their customers.

Such data breaches not only would prove an immediate business threat to dealerships, they also could result in spooked consumers never doing business with hacked stores again, the study warned.

Total Dealer Compliance, a New York City auditing firm, surveyed 200 dealerships in five states to show the impact of data security on the sales and reputations of dealerships. TDC conducts security audits for all areas of dealerships.

The survey found that nearly 84 percent of consumers would not buy another car from a dealership after their data had been compromised by a breach at the dealership.

Lack of confidence

The study also found that around 33 percent of consumers lack confidence in the security of their personal and financial data when buying a vehicle at a dealership.

Car dealerships can be prime locations for hackers looking for personal data.

Dealerships, in some cases, could have more information on consumers than their local banks do, says TDC President Max Zanan. From a hacker’s perspective, Zanan said, it’s much easier to hack a dealership than a bank.

Zanan pointed to service departments, which usually have Wi-Fi connections available for customers, as potential weak spots that hackers can exploit. If the Wi-Fi is not separate from the main network of a dealership, Zanan said, it would take a sophisticated hacker only six minutes to break into it.

It often takes a dealership much longer to discover the breach — the average is 208 days, Zanan said.

Cash is one issue holding some stores back. Zanan said having dedicated security personnel on staff can be an expensive prospect for smaller stores.

Only 30 percent of the surveyed dealerships employ a network engineer with computer security certifications and training.

“A lot of dealerships do their best. They do enter into contracts with third parties and they outsource some of their day-to-day computer work,” Zanan toldAutomotive News. “They rarely think they can be victims of a hacker. What they don’t realize is if it happens, their customers aren’t coming back.”

Out of date

Some stores can open themselves up to security failings by not being vigilant. For instance, TDC’s survey found that more than 70 percent of dealerships are not up to date on their anti-virus software.

The majority of surveyed dealerships aren’t confronting their weaknesses to see where improvement is needed, TDC concluded. The survey reported that only 25 percent of dealerships have hired third-party vendors to try to hack into their networks to test their vulnerability.

A “White Hat” hacker, Zanan said, can get into a dealership’s network and make recommendations on fixes. For example, he said, a hacker could inform stores that they need to change a firewall configuration or adjust other server settings.

Dealerships are under pressure to hit sales targets, so their primary focus is on delivering cars. This can lead to stores making mistakes.

Zanan said it would be beneficial if automakers themselves stepped in to help out dealerships that need funding to shore up their security.

“At the end of the day, people know you as a Chevy dealer,” Zanan said, using Chevrolet as a hypothetical example. “And if something happens to the dealership, it negatively reflects on Chevrolet itself.”

Source | AutoNews