Cybersecurity Concerns: Fortify Your Data Defenses

Published in New England Automotive Report – Thomas Greco Publishing

Protecting your shop’s assets requires forethought and preparation, and these days, data is often considered more valuable than gold.

Headlines over the summer featured a cyberattack against CDK Global – used by 15,000 dealerships – which led the software to be shut down for weeks, causing parts supply disruptions across the country. Although CDK’s situation has been resolved, the data breach raises concerns about what level of risk cybercriminals pose to automotive businesses.

A 2023 report conducted by CDK (bit.ly/CDKreport2023) indicated that 17 percent of dealers experienced a cyberattack in the previous year. And cyberattacks prove increasingly costly. Citing research from ransomware specialty company Coveware, the report indicated, “The average cybercriminal financial payout dramatically increased from $44,000 in 2019 to $740,144 in 2023.”

So, how can collision shops protect themselves and their customers from cybersecurity threats?

First and foremost, shop owners need to understand that cybersecurity is a concern. “Don’t be naive; many people believe this can never happen to them, but it CAN happen,” insists Mike Anderson (Collision Advice). “It has happened to large shops, and it has happened to small shops. You have to be prepared.”

Shops can take many steps to “fortify their defenses against cyber threats,” according to Brandon Laur (CCi Global Technologies), who recommends “implementing robust security measures, including regular software updates, firewalls and advanced threat detection systems to protect sensitive data. Employee training is equally vital, with regular sessions on recognizing and responding to threats like phishing and social engineering.”

David Willett (Spark Underwriters) agrees and points out that this year’s Presidential election necessitates increased diligence since cybercriminals are apt to play on people’s emotions by hiding attacks within clickbait links. “You and your employees should be scrutinizing emails now more than ever. It’s better to receive multiple requests instead of clicking on something suspicious. 

“One thing that shops often overlook is the use of personal devices on their shop’s private Wi-Fi,” he adds. “Shops may feel protected because they set up a separate network for customers, but when they allow their employees to use personal devices on the private network, they’re opening themselves up to attack. The shop’s Wi-Fi should be used only for shop devices to keep it secure. Phones are typically our least protected personal devices, so I suggest installing a VPN to enhance phone security.”

Some other steps that shops should implement include “Maintaining comprehensive and regular backups of all critical data. Collision shops should also develop and routinely test disaster recovery plans to ensure quick restoration of operations in case of an attack,” Laur explains, noting, “The CDK incident highlights the need to assess and monitor the cybersecurity practices of vendors and partners. Collision shops should require their partners to adhere to stringent security standards to prevent vulnerabilities from being exploited through third-party connections.”

Willett compares the CDK scenario to what would happen if an information provider, like CCC or Mitchell, suffered a similar attack. “They have a lot of code and are involved with multiple businesses, so shops would have a lot of exposure if they were hacked.”

Maintaining regulatory compliance is imperative. “Collision shops should stay informed about legal requirements related to data protection and ensure timely reporting of breaches to relevant authorities,” Laur stresses. “Having a detailed and tested incident response plan in place is vital. This plan should outline steps for identifying, containing and mitigating the impact of a breach. It should also include communication strategies for informing customers and stakeholders about the incident.”

Anderson agrees, likening it to a fire drill. “We have fire drills to make sure everyone knows the protocol to follow in case of an emergency. Likewise, you should have a conversation with your IT department to determine how to handle a potential attack. You need to know what to do in advance. Is your server in the building? Should everyone shut down their devices immediately? Who is responsible for performing which actions? Knowing the protocol in advance just might help you act quick enough to avoid having to pay a ransom. Of all the shops I know that have been hacked, all except one had to pay the ransom; one paid out $13,000 in bitcoin!”

He urges shops to verify that their backup servers are working properly on a regular basis, to educate staff on safety precautions and to implement dual authentication, using two methods to verify that someone is who they claim to be before accessing sensitive information and systems. “It’s also important to make sure that shops have the proper insurance coverage to protect their business if something does happen,” Anderson advises.

While Willett agrees that having the right business insurance is a key component to protecting one’s business from any type of tragedy, including a cybersecurity attack, he cautions, “Having a larger policy doesn’t mean you won’t be attacked; in fact, it may make you a larger target! Shops should absolutely make sure they have adequate coverage – and I encourage all business owners to conduct a review of potential exposures and how their policies protect them annually at a minimum – but insurance is not on an island by itself; it should work cohesively with your risk management plan.”

Engaging in an open discussion with one’s IT resource and insurance carrier can highlight areas of exposure and help identify gaps that need to be filled. Referencing 23 NYCRR 500, a list of cybersecurity requirements for financial institutions (available at bit.ly/23RR500), Willett suggests using this as a benchmark to determine how one’s business compares; however, he emphasizes that shop owners should not be spending a significant amount of time on these concerns. “You should be relying on experts in these matters to service your shop’s needs.”

Although shops should lean on cybersecurity professionals to ensure their ramparts are secure, it’s beneficial to understand where an attack may come from. “Collision shops should be aware of several common forms of cyberattacks that could target their operations,” Laur says. “Understanding these threats can help in implementing effective security measures.

“Phishing is one of the most prevalent forms of cyberattacks, where attackers use fraudulent emails or messages to trick employees into revealing sensitive information, such as login credentials or financial information,” he continues, reiterating the need to train staff to recognize and support suspicious email. 

Shops should also be on the lookout for ransomware and malware attacks. “Ransomware attacks involve malicious software that encrypts the victim’s data, rendering it inaccessible until a ransom is paid. Regular backups and having a robust incident response plan can mitigate the impact of such attacks,” Laur offers. “Malware encompasses various types of malicious software, including viruses, worms and spyware. These programs can disrupt operations, steal data or give attackers control over the shop’s systems. Installing and updating antivirus software and conducting regular scans can help protect against malware.”

He also shares thoughts on some other common types of cyberattack: “Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks, aimed at overwhelming networks, can be mitigated with firewalls and traffic monitoring. Insider threats, whether intentional or unintentional, can be controlled through strict access controls and user activity monitoring. SQL injection attacks, which exploit database vulnerabilities, can be prevented by securely coding web applications. Credential stuffing, where attackers use stolen credentials, can be reduced with strong, unique passwords and multi-factor authentication (MFA). Social engineering attacks manipulate individuals into divulging confidential information and can include pretexting, baiting and tailgating. Regular employee training on security awareness is crucial to prevent these attacks.”

Anderson also mentions how social engineering can be used via phone call or even social media. “Cybercriminals can hack your information without accessing your computer as well. You might receive a call asking you to transfer funds from one account to another, or hackers may use your image to create a fake Facebook account with nefarious intentions. There are many ways they can fake your voice and your image to gain access to your information, so we have to be wary anytime someone is asking us for sensitive data, especially financial information.”

What are some signs that shops can look out for that may indicate a cyberattack? “Signs of a cyberattack include unusual account activity, such as unexpected login attempts or multiple failed logins indicating brute force attacks,” Laur warns. “Strange network traffic, like high traffic from unknown IPs or unexpected data flows, may signal data exfiltration. Slow system performance can indicate malware or a DoS attack. Unexpected pop-ups or ransom messages suggest adware or ransomware infections. Unauthorized software installations or system changes without user consent are red flags. Unusual file changes, disabled security software and phishing indicators like suspicious emails are also signs. Additionally, strange program behavior, unusual account actions, access log anomalies and alerts from monitoring tools can all indicate a potential cyber threat.

“Collision shops can safeguard against cyberattacks through comprehensive measures,” he adds. “These include ensuring robust software and systems security by regularly updating antivirus software, deploying firewalls, using intrusion detection systems and maintaining software patches. Network and infrastructure security involves segmenting networks, securing Wi-Fi with strong encryption, regularly backing up data and encrypting sensitive information. Employee training is critical with regular cybersecurity sessions, phishing simulations and clear policies on passwords and sensitive data handling. Implementing multi-factor authentication, role-based access controls and conducting regular access audits enhance access controls and authentication. Cyber insurance provides financial protection against incidents like data breaches and ransomware attacks. Incident response planning is vital, involving the development of detailed response plans, regular drills and establishing response teams. Lastly, ensuring vendor and partner security by assessing their cybersecurity practices and monitoring third-party access helps prevent unauthorized breaches through external connections.”

Of course, no one can safeguard against every scenario, and as businesses become more adept at protecting against common cybersecurity risks, cybercriminals grow more innovative in their attacks. If a shop suspects that they are under attack, “immediate actions are crucial,” Laur emphasizes. “They should contain the breach by disconnecting affected systems and disabling compromised accounts to prevent further damage. Preserve evidence by documenting details like the attack time and affected systems. Activate their incident response plan promptly, notifying their response team and relevant stakeholders. Next, assessing the attack’s scope helps determine affected systems and the attack type. Mitigating the threat involves removing malware, applying patches and enhancing access controls. 

“Communication is key,” he reiterates. “Notifying affected parties and authorities and complying with breach notification requirements is necessary. During recovery, restoring systems from backups and monitoring for residual threats with Intrusion Detection and Prevention Systems is critical. Post-incident, conducting a thorough analysis, updating security measures and enhancing employee training on cybersecurity ensure readiness for future incidents.”

The idea of experiencing a cyberattack may be frightening and even a bit overwhelming, but preparing for the possibility of this type of scenario could be essential to your business’ survival. “It’s not going away,” Willett stresses as he urges shops to do their due diligence ahead of time in order to shield their shops.