Bartek Czerwinski
June 7, 2023

The Next Big Focus for Dealerships: Data Security Over Innovation

As someone deeply involved in digital innovation and transformation across the automotive industry, I’ve always emphasized the importance of adopting new technologies. However, given the recent surge in cyberattacks, it's clear that the next three years will be less about retail innovation and more about securing data processes, protocols, and integrations between DMS, dealers, third-party vendors, and OEMs.

Why This Shift Is Urgent

Recent cyberattacks in the automotive sector underscore the urgency of this focus. For example:

  1. CDK Global Attack - a ransomware attack disrupted thousands of dealerships, causing significant financial losses.
  2. AutoCanada Breach - sensitive customer data was compromised, highlighting vulnerabilities in dealership networks.
  3. Toyota Data Breach - hackers leaked 240GB of sensitive data, affecting customer and employee information.
  4. Sonic Automotive Cyberattack - prolonged outage severely impacted sales and operations.
  5. UK's Pendragon and Arnold Clark Hacks - sophisticated ransomware attacks led to unauthorized access to critical dealership systems and leakage of data.

These incidents demonstrate that dealerships are prime targets due to the wealth of sensitive data they hold. As regulations tighten, including the revised FTC Safeguards Rule, dealerships must prioritize data security and compliance to avoid severe consequences.

Are We Focused on the Wrong Thing?

These incidents exposed one more thing: the inadequacy of existing standards like ISO 27001 and SOC 2 when it comes to addressing the unique and evolving threats in the automotive sector. While these certifications provide a foundational level of security, they are not tailored to the specific challenges of interconnected dealership systems and the growing complexity of automotive cybersecurity.

The Need for a New Certification

The current standards, such as ISO 27001 and SOC 2, while valuable, often fall short in addressing the specific security needs of automotive dealerships. The automotive industry’s rapidly evolving technology landscape—ranging from connected vehicles to complex software ecosystems—demands a new security standard that is specifically designed to address these challenges.

This new standard would need to incorporate elements like:

  • End-to-end encryption, ensuring that all data, whether at rest or in transit, is fully encrypted.
  • Real-time threat monitoring, continuous monitoring for threats across all dealership systems and vendor connections.
  • Advanced authentication protocols, implementing multi-factor and biometric authentication methods to secure access to sensitive systems.
  • Comprehensive compliance measures, aligning with global privacy laws like GDPR, but also incorporating specific automotive industry requirements.
  • Automotive-specific risk management, tailoring risk management frameworks to address vulnerabilities unique to connected vehicles and dealership networks.

10-Point Action Plan for Dealerships

  1. Conduct regular security audits. Identify vulnerabilities and update protocols regularly.
  2. Implement multi-factor authentication. Strengthen access controls with advanced authentication methods.
  3. Encrypt all data. Ensure comprehensive encryption of customer and operational data.
  4. Train employees continuously. Regularly update staff on cybersecurity best practices.
  5. Develop incident response plans. Prepare for potential breaches with a clear and actionable response plan.
  6. Secure third-party integrations. Thoroughly vet and monitor all third-party vendors for compliance with the new standard.
  7. Update systems regularly. Keep all dealership software and systems up to date with the latest security patches.
  8. Monitor networks continuously. Use real-time monitoring tools to detect and respond to threats quickly.
  9. Limit access to data. Restrict access based on roles to minimize potential exposure.
  10. Ensure compliance. Stay informed and compliant with emerging security standards tailored to the automotive industry.

In conclusion, while innovation will always be a cornerstone of growth, the immediate priority for dealerships must be securing their data and systems. Developing a new, industry-specific security standard is essential to safeguarding against the increasing threat of cyberattacks, ultimately ensuring the long-term success and security of the automotive industry.