The auto industry is waking up to cybercrime

A recent spike in cyberattacks targeting automotive businesses has heightened awareness toward the car industry’s ability (or lack thereof) to defend itself from digital threats.

Why this matters: In light of this week’s CDK breach, which closed access to critical tools thousands of dealers depend on to conduct business efficiently, it is clear that the industry needs to adopt new strategies to prevent or reduce the impact of cybersecurity incidents. While data shows that bad actors have been increasingly exploiting vulnerabilities in the car sector for some time, it appears that the threat is finally being acknowledged by major players, re-energizing investments in digital security.

The bad news: While one of the most significant in terms of scope, CDK’s breach is only the latest in a slew of attacks targeting automotive retailers and manufacturers. Here’s a brief list of some of the major attacks over the last year:

  • This January, two attacks, one targeting Hyundai’s Europe division the other Asbury Automotive Group in the U.S., resulted in terabytes of stolen data and loss of revenue due to systems being rendered inoperable by ransomware.

  • Manufacturing vendors such as CIE Automotive and Jasman have also faced breaches over the last year. Some incidents have been linked to the same criminal organizations, such as Cactus, which was responsible for the attacks against CIE and Asbury.

  • CDK’s attack also comes hot on the heels of Findlay Automotive Group’s breach last week, which has already brought on a lawsuit accusing the company of negligence.

The good news: Rockwell Automation, a manufacturing solutions provider serving the car industry, published a study this week examining survey responses from key leaders across the automotive sector. Here are the relevant takeaways:

  • Research participants ranked cybersecurity as the number one challenge to their operations.

  • This represents a sharp spike in interest around digital threats in a relatively short amount of time. Last year, Rockwell Automation’s survey listed cybersecurity as the 9th most important obstacle.

Big picture: It’s clear that cybercriminals are wising up to the vulnerabilities present in the automotive sector, meaning the number of attacks is only going to increase as time goes on. Unfortunately, it also appears that the industry itself is the last to recognize the severity of this threat. And as cars become more software-reliant, there’s also an increasing likelihood that attacks will begin targeting products rather than infrastructure. But as the saying goes, “better late than never.”

Where do we go from here? There are a few temporary options on the table for reducing the impact of cyberattacks, although reducing the volume will require more long-term solutions. Here’s a couple ideas: 

  • Less consolidation: Major vendors like CDK provide solutions utilized by a majority of dealerships, increasing the number of affected parties when these companies are attacked. More competition in the sector would increase the number of systems utilized by dealers, meaning hackers would have to breach multiple platforms to create the same level of impact. At the same time, this increases the complexity of dealership toolkits, which already suffer from a lack of integration. But at a certain point, security is far more valuable than convenience. Yossi Levi, aka Car Dealership Guy, addressed this in more detail last night in his appearance on CNBC, which you can watch here.

  • More transparency: Being fully transparent with clients when cyberattacks occur is key to reducing lingering effects. The earlier and better informed users are the faster they can take steps to protect themselves. From a public relations perspective, staying in touch with customers throughout the extent of a crisis also mitigates reputation damage, as it puts your efforts to remediate the issue on display while giving you a chance to incorporate feedback and alleviate concerns.

Bottom line: While businesses and consumers are and have been at risk for some time, the increase in awareness also creates opportunities for new solutions to be brought to the table. Now that major leaders across the industry have woken up to the danger, it’s only a matter of time before we see a paradigm shift in how everyone, from manufacturers to dealers, approach digital security. Resilience, after all, is one of the key strengths of the car business.

Become an automotive insider in just 5 minutes.

Get the weekly email that delivers transparent insights into the car market.

Join 66,000 others now, it's free:

Boost sales with Bumper.com's vehicle history reports, featuring NMVTIS data. Our reports can enhance trust and help you close deals faster.

As an NMVTIS-approved data provider, Bumper.com offers essential information crucial for auto dealers. Discover how our tools can help transform your business and streamline operations.

Connect with us at NIADA booth #613 or schedule a demo to learn how Bumper.com can help elevate your dealership's performance and take your sales to the next level.

Reply

or to participate.