By Jason Cook, President, Cyber Defense Labs
Over the past few years, the way people research and buy cars has changed dramatically and auto dealerships have had to change dramatically, too. As dealerships have worked hard to respond to potential customers, 90 percent of whom prefer a dealership where they can start the car buying process online, they have rapidly transformed their business processes and adopted new technology platforms. The question is, has their cybersecurity posture kept up?
Any time an organization makes technology updates or adjusts their digital processes, it’s critical that they also assess their security posture. Working with several dealerships over the past couple of years, we have come to understand that while dealership owners and operators realize that cybersecurity is critical to their operations, they sometimes conflate cyber expertise and information technology, and understandably lack the technical expertise to recognize how digital transformations may expose their organization to risk.
To know whether your dealership is managing risk effectively and protecting the business you have worked so hard to build, consider an independent risk assessment.
A comprehensive cybersecurity assessment will help your dealership in three keyways:
- Validate your cyber strengths and identify weaknesses: Simply knowing where your investments are paying off and where you may still have vulnerabilities will help you close existing weaknesses that are open for criminals to exploit. A thorough assessment provides you with a detailed report to help you prioritize investments based on criticality and where they are needed most, earning you the greatest return on security for the resources you are investing.
- Don’t overlook policies and procedures: Managing cyber risk is not just about the technology you use. It’s also important to review and evaluate current policies, programs and procedures. This helps ensure your organization is evaluating and communicating risk consistently while supporting your ability to quickly identify and address threats that could ultimately impact your dealership operations and business objectives if left undetected or ignored. Assessing these existing processes can also give you confidence that, if you do have an attack or a breach, your team knows who to call and what to do to minimize damage to your business.
- Keep your leadership informed: An independent assessment can also help independently validate the investments made to date, providing executive leadership with peace of mind and confidence in the security approach your team is taking. While you may have a talented team, it can sometimes be challenging for subordinates to report bad news up the chain of command. Doing an independent assessment helps you, and your leadership, verify information, map out known and anticipated business risks, and institute a plan to address them in a prioritized order.
Finally, a robust cybersecurity assessment should also ensure that your cybersecurity strategy is tied to your overarching business strategy and priorities. It should look holistically across your risk environment, addressing your unique business processes, business priorities and most valued assets.
Auto dealerships can be attractive targets for cyber criminals because they collect, gather, share and store vast amounts of customer data. Many also have widespread operations and multiple points of entry. Cyber Defense Labs has the experience working with dealerships to help you assess and understand your risk landscape and make investments that will protect your business.
For more information about assessing and managing your cyber risk, please join us for the upcoming NADA webinar, Do You Know What Your Cybersecurity Risk Is?, on October 5.