Today’s post on Information Security is coauthored by ISC2 2024 Board Chair Dan Houser
This time last year, CDK Global was hacked and ransomed. Fifteen thousand dealers were locked out of their systems, causing an estimated $1 billion in losses. CDK suffered a follow-up attack, which disrupted their efforts to recover. Car dealers also faced a secondary wave of scam artists looking to profit from the confusion.
We did quarterly audits with a checklist, counting violations like passwords on sticky notes, unlocked cabinets, and contracts left out.
Car dealers are a hacker’s dream target. Here you have a lucrative business with many employees, high turnover, and disparate computer systems. While big dealer groups have security teams and contingency plans, smaller groups are poorly equipped to handle security. Sophos describes ransomware as an “existential threat” for a small business.
I have written before about the special challenges facing smaller dealers, and this is another example. In today’s post, we’ll cover the “software stack” of tools you need to protect your dealership.
Dealership Security Stack
These eight tools are the minimum you need to keep your dealership safe. The working title for this post was “top ten,” but we were able to narrow it down.
- Managed Detection and Response – CrowdStrike, SentinelOne
- Vulnerability Scanning – Rapid7, Tenable
- Multifactor Authentication – Microsoft, Duo
- Next-Gen Firewall – Cisco, Fortinet
- Security Awareness Training – Ninjio, KnowBe4
- Secure Backups – Veeam, Acronis
- Email Scanner – Mimecast, Abnormal, Proofpoint
- Antivirus – Sophos, McAfee, Bitdefender
Managed Detection and Response
This would have been a “top ten” list, including endpoint detection, response, and incident management. Nowadays, these all roll up into bundled services like Arctic Wolf, which may include “eyes on glass” in a Security Operations Center (SOC). An outsourced SOC is key for early detection, unless you feel like hiring your own staff to watch the monitors 24/7.
Vulnerability Scanning
According to Sophos, exploited vulnerabilities are the leading cause of ransomware attacks, particularly when coupled with phishing. Hackers regularly devise new ways to compromise popular systems. Whenever a new “exploit” is discovered, vendors rush to deliver a patch for it. Scanners like Rapid7 warn you of unpatched vulnerabilities.
Multifactor Authentication
This is where, in addition to the password, a system confirms your identity a second way, like sending a text message to your phone. All systems should have this, including your dealership’s network.
Next-Gen Firewall
It may seem like your network is self-contained, but it has internet traffic with your OEM portal, your DMS vendor, and F&I platforms – to name just a few. These should all be certified and encrypted, but a wily hacker might still compromise the connection. An advanced firewall can inspect network traffic, looking for suspicious data packets.
Security Awareness Training
Trained employees are your first line of defense against the top two attack vectors – account takeover and email compromise. Dan motivates his training with “InfoSec at Home,” like protecting your personal Wi-Fi and keeping your kids safe online.
Awareness training software includes hitting your employees with simulated phishing attacks, and follow-up training for the “easy clickers.” I like Ninjio because the lessons are short, topical, and entertaining – perfect for the kind of personnel and turnover you have in a dealership.
Secure Backups
Backing up your data is super important. During the CDK attack, many dealers discovered their data was on CDK and nowhere else. In 57% of ransom attacks, victims could not restore their data because the hackers had also compromised their backups.
Use the 3-2-1 rule: keep three copies of your data (counting the primary system), with two of them in different places, such as a NAS device plus cloud storage, and one of these offsite. The offsite copy should be isolated from any network access.
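As an added example (not from the original post), here is a small Python checker that scores a constructed backup inventory against the 3-2-1 rule and flags the failure mode behind the statistic above: an offsite copy that is still reachable from the network, so ransomware can encrypt it along with everything else. The field names and the "isolated" interpretation are assumptions.

```python
# Added example, not from the original post: check a backup inventory
# against the 3-2-1 rule plus the "offsite copy must be isolated" caveat.
# All inventory values below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class BackupCopy:
    name: str
    location: str            # where the copy physically lives
    medium: str              # e.g. "server-disk", "nas", "cloud", "tape"
    offsite: bool            # stored away from the dealership
    network_reachable: bool  # writable from the production LAN


def check_321(copies):
    """Return rule -> pass/fail for the 3-2-1 rule.

    Interpretation (an assumption): three copies including the primary,
    two distinct media, at least one offsite, and at least one offsite
    copy that cannot be reached from the network.
    """
    offsite = [c for c in copies if c.offsite]
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.medium for c in copies}) >= 2,
        "one_offsite": len(offsite) >= 1,
        "offsite_isolated": any(not c.network_reachable for c in offsite),
    }


def failing_rules(copies):
    """List the rules a given inventory does not satisfy."""
    return [rule for rule, ok in check_321(copies).items() if not ok]


# Constructed inventory: primary DMS server, a NAS on the LAN, and a cloud
# copy that is synced with credentials usable from the same LAN.
WEAK = [
    BackupCopy("dms-primary", "dealership", "server-disk", False, True),
    BackupCopy("nas-nightly", "dealership", "nas", False, True),
    BackupCopy("cloud-sync", "cloud-region", "cloud", True, True),
]
# Same layout, but the cloud copy is immutable and not reachable from the LAN.
FIXED = WEAK[:2] + [BackupCopy("cloud-vault", "cloud-region", "cloud", True, False)]

if __name__ == "__main__":
    print("weak :", failing_rules(WEAK))   # ['offsite_isolated']
    print("fixed:", failing_rules(FIXED))  # []
```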
Email Scanner
A common attack vector is malicious software sent via email, or “man in the middle” impersonation attacks. I know of one dealer who wired $250,000 to a hacker’s account, because the wire instructions appeared to come from an OEM’s email. You’ll need a scanner like Mimecast, with some kind of pattern matching (AI) and a deep blacklist, to keep evildoers out of your inbox.
Antivirus
You should have antivirus software running on all your computers, managed at the network level. Most car dealers will be running a Windows LAN with Active Directory, and you can use that to push Defender or Symantec to all computers in the domain.
Once your security stack is in place, you’ll need to test it. There are various ways to do this. You can hire consultants to check your work, run scans, and maybe even try to break in – a “penetration test.” You can also run a “tabletop exercise,” in which you simulate how you would deal with a major security incident.
As a CTO, I find that an increasing share of my attention must now be devoted to Information Security. Having come up as a developer, this is not my favorite thing. So, the first thing on my list is to consult a certified security professional – like Dan.
Hire a CISO. This means Chief Information Security Officer. The list of interview questions is long, but my personal favorite is: tell me about a notable incident and how you handled it. If you can’t afford someone full time, you can retain a part-time “virtual” CISO.