Cyber Score Comparison for Car Dealerships
Check out the Cyber Score Stack Up of 1000 Car Dealerships in the USA
Stacking Up Cyber Security for Car Dealerships
As a cybersecurity blogger, I have been deeply invested in understanding the landscape of small business cybersecurity. Recently, I undertook a comprehensive study of the cybersecurity practices of 1000 car dealerships across America. This blog post aims to share my findings and shed light on how well these dealerships are protecting their data and their customers' information.
Why Car Dealerships Need Robust Cybersecurity
Car dealerships, like many other small businesses, are increasingly becoming targets for cyberattacks. These attacks can result in dealership data breaches, data leaks, and cyberattacks, leading to severe financial and reputational damage. Ensuring robust dealership IT security is no longer optional but a critical necessity.
What makes car dealerships particularly valuable targets to cybercriminals? Car dealerships handle a wealth of sensitive customer financial data, including credit applications and personal identification details. This data is incredibly valuable on the black market, making dealerships prime targets for cyberattacks.
Car dealerships handle a wealth of sensitive customer financial data, including credit applications and personal identification details.
Recently, a major cyberattack on CDK Global, a key provider of dealership management software, highlighted the vulnerability of car dealerships. This attack forced more than half of US car dealerships to shut down critical systems, leaving many unable to process sales or service vehicles, and impacting their operations severely (Cyber Security News) (Zero Security). This incident serves as a stark reminder of the importance of robust cybersecurity measures for dealerships.
Dark Web Breaches
One of the first parameters I investigated was whether the corporate email addresses of these dealerships were included in dark web breaches. By searching through dark web breach databases, I found that a significant number of dealerships had their work accounts exposed. This exposure can lead to dealership data breaches, putting sensitive information at risk.
Findings:
- Over 96% of the dealerships had at least one email address found in dark web breaches.
- One dealership had 542 dark web breaches for just 40 employees
Potential Exploits by Cybercriminals: Cybercriminals can use these breached email addresses to launch phishing attacks. By pretending to be trusted sources, they can trick employees into revealing sensitive information or clicking on malicious links that could infect the dealership's network with malware.
Email Impersonation Protection
Email impersonation is a common tactic used by cybercriminals to trick employees and customers. To combat this, dealerships need to have proper DMARC, DKIM, and SPF settings in their DNS records. These settings help prevent criminals from sending emails pretending to be from their work accounts.
Findings:
- Only 11% of the dealerships had proper DMARC, DKIM, and SPF settings.
- This is a huge risk for dealers because it means that any criminal can impersonate the emails of 89% of all American automotive dealerships
- Imagine getting a notice that your car payment is overdue and it looks like it can from the dealership.....but really that email is coming from a scammer
Potential Exploits by Cybercriminals: Without these protections, criminals can easily impersonate dealership employees in emails. This could lead to fraud, as customers might be tricked into making payments to fake accounts, or employees might unknowingly share sensitive information with attackers.
Stacking Up Cyber Security for Car Dealerships
As a cybersecurity blogger, I have been deeply invested in understanding the landscape of small business cybersecurity. Recently, I undertook a comprehensive study of the cybersecurity practices of 1000 car dealerships across America. This blog post aims to share my findings and shed light on how well these dealerships are protecting their data and their customers' information.
Why Car Dealerships Need Robust Cybersecurity
Car dealerships, like many other small businesses, are increasingly becoming targets for cyberattacks. These attacks can result in dealership data breaches, data leaks, and cyberattacks, leading to severe financial and reputational damage. Ensuring robust dealership IT security is no longer optional but a critical necessity.
What makes car dealerships particularly valuable targets to cybercriminals? Car dealerships handle a wealth of sensitive customer financial data, including credit applications and personal identification details. This data is incredibly valuable on the black market, making dealerships prime targets for cyberattacks.
Car dealerships handle a wealth of sensitive customer financial data, including credit applications and personal identification details.
Recently, a major cyberattack on CDK Global, a key provider of dealership management software, highlighted the vulnerability of car dealerships. This attack forced more than half of US car dealerships to shut down critical systems, leaving many unable to process sales or service vehicles, and impacting their operations severely (Cyber Security News) (Zero Security). This incident serves as a stark reminder of the importance of robust cybersecurity measures for dealerships.
Dark Web Breaches
One of the first parameters I investigated was whether the corporate email addresses of these dealerships were included in dark web breaches. By searching through dark web breach databases, I found that a significant number of dealerships had their work accounts exposed. This exposure can lead to dealership data breaches, putting sensitive information at risk.
Findings:
- Over 96% of the dealerships had at least one email address found in dark web breaches.
- One dealership had 542 dark web breaches for just 40 employees
Potential Exploits by Cybercriminals: Cybercriminals can use these breached email addresses to launch phishing attacks. By pretending to be trusted sources, they can trick employees into revealing sensitive information or clicking on malicious links that could infect the dealership's network with malware.
Email Impersonation Protection
Email impersonation is a common tactic used by cybercriminals to trick employees and customers. To combat this, dealerships need to have proper DMARC, DKIM, and SPF settings in their DNS records. These settings help prevent criminals from sending emails pretending to be from their work accounts.
Findings:
- Only 11% of the dealerships had proper DMARC, DKIM, and SPF settings.
- This is a huge risk for dealers because it means that any criminal can impersonate the emails of 89% of all American automotive dealerships
- Imagine getting a notice that your car payment is overdue and it looks like it can from the dealership.....but really that email is coming from a scammer
Potential Exploits by Cybercriminals: Without these protections, criminals can easily impersonate dealership employees in emails. This could lead to fraud, as customers might be tricked into making payments to fake accounts, or employees might unknowingly share sensitive information with attackers.
Want to see your Score?
Get it in 30 seconds!
Secure Email Gateway
Using a Secure Email Gateway is crucial for providing spam and phishing protection to employees. By checking the MX records, I assessed whether dealerships were using valid Secure Email Gateways.
Findings:
- About 65% of the dealerships were using a Secure Email Gateway.
- That is a great stat compared to other industries and shows that progress is being made by auto dealers to improve their security
Potential Exploits by Cybercriminals: Dealerships without a Secure Email Gateway are more vulnerable to phishing attacks. Phishing emails can trick employees into giving away login credentials or other sensitive information, leading to data breaches or financial losses.
Website Security Settings
A secure website is vital for protecting visitors' data. I analyzed the HTML code of the dealerships' websites to check for essential HTTP security headers, which prevent session hijacking, cookie theft, and data interception.
Findings:
- Only 1% of the dealerships had the necessary HTTP security headers.
- This is a huge risk to dealerships especially the ones that have a financing calculator on their website that takes the user's private data.
- Without the required security settings, the user's financial data can be copied by cyber criminals right from the website
Potential Exploits by Cybercriminals: Without these security headers, attackers can intercept data transferred between the user and the dealership's website. This could result in stolen personal information, which can then be used for identity theft or sold on the black market.
Web Application Firewall
A Web Application Firewall (WAF) helps prevent malicious actors from abusing a website. I checked to see if the dealerships used WAFs to protect their online presence.
Findings:
- Just 60% of the dealerships had a Web Application Firewall in place.
Potential Exploits by Cybercriminals: Without a WAF, dealerships are more susceptible to attacks such as SQL injection or cross-site scripting, which can compromise the website's security and potentially allow attackers to access sensitive backend data.
Website Encryption
SSL certificates are essential for encrypting traffic between a visitor and the website, ensuring that data remains private. I checked if the dealerships' websites used SSL certificates.
Findings:
- Around 94% of the dealerships had SSL certificates.
- This is a great sign that auto dealers are improving the security of their websites
Potential Exploits by Cybercriminals: Websites without SSL encryption make it easier for attackers to intercept data being transmitted. This could lead to stolen personal information, such as credit card details or personal identification numbers.
Conclusion
The findings from this study highlight a worrying trend in the car dealership industry's approach to cybersecurity. Despite the clear and present dangers of cyberattacks, many dealerships are not taking adequate steps to protect their data and their customers.
Key Recommendations
- Regular Dark Web Monitoring: Dealerships should regularly check dark web breach databases for exposed email addresses and take necessary actions, such as changing passwords and implementing two-factor authentication.
- Implement Email Authentication Protocols: Setting up DMARC, DKIM, and SPF should be a priority to prevent email impersonation and protect against phishing attacks.
- Use a Secure Email Gateway: Investing in a Secure Email Gateway can significantly reduce the risk of spam and phishing attacks.
- Enhance Website Security: Dealerships should ensure their websites have the necessary HTTP security headers to protect visitors from session hijacking and data interception.
- Deploy Web Application Firewalls: A Web Application Firewall can provide an additional layer of security against cyberattacks targeting the website.
- Adopt SSL Certificates: Ensuring that all website traffic is encrypted with SSL certificates is fundamental in protecting visitor data.
By taking these steps, car dealerships can significantly improve their cybersecurity posture, protect their valuable data, and build trust with their customers. Cybersecurity is an ongoing process, and staying vigilant against new threats is essential for the long-term success of any small business.
Secure Email Gateway
Using a Secure Email Gateway is crucial for providing spam and phishing protection to employees. By checking the MX records, I assessed whether dealerships were using valid Secure Email Gateways.
Findings:
- About 65% of the dealerships were using a Secure Email Gateway.
- That is a great stat compared to other industries and shows that progress is being made by auto dealers to improve their security
Potential Exploits by Cybercriminals: Dealerships without a Secure Email Gateway are more vulnerable to phishing attacks. Phishing emails can trick employees into giving away login credentials or other sensitive information, leading to data breaches or financial losses.
Website Security Settings
A secure website is vital for protecting visitors' data. I analyzed the HTML code of the dealerships' websites to check for essential HTTP security headers, which prevent session hijacking, cookie theft, and data interception.
Findings:
- Only 1% of the dealerships had the necessary HTTP security headers.
- This is a huge risk to dealerships especially the ones that have a financing calculator on their website that takes the user's private data.
- Without the required security settings, the user's financial data can be copied by cyber criminals right from the website
Potential Exploits by Cybercriminals: Without these security headers, attackers can intercept data transferred between the user and the dealership's website. This could result in stolen personal information, which can then be used for identity theft or sold on the black market.
Web Application Firewall
A Web Application Firewall (WAF) helps prevent malicious actors from abusing a website. I checked to see if the dealerships used WAFs to protect their online presence.
Findings:
- Just 60% of the dealerships had a Web Application Firewall in place.
Potential Exploits by Cybercriminals: Without a WAF, dealerships are more susceptible to attacks such as SQL injection or cross-site scripting, which can compromise the website's security and potentially allow attackers to access sensitive backend data.
Website Encryption
SSL certificates are essential for encrypting traffic between a visitor and the website, ensuring that data remains private. I checked if the dealerships' websites used SSL certificates.
Findings:
- Around 94% of the dealerships had SSL certificates.
- This is a great sign that auto dealers are improving the security of their websites
Potential Exploits by Cybercriminals: Websites without SSL encryption make it easier for attackers to intercept data being transmitted. This could lead to stolen personal information, such as credit card details or personal identification numbers.
Conclusion
The findings from this study highlight a worrying trend in the car dealership industry's approach to cybersecurity. Despite the clear and present dangers of cyberattacks, many dealerships are not taking adequate steps to protect their data and their customers.
Key Recommendations
- Regular Dark Web Monitoring: Dealerships should regularly check dark web breach databases for exposed email addresses and take necessary actions, such as changing passwords and implementing two-factor authentication.
- Implement Email Authentication Protocols: Setting up DMARC, DKIM, and SPF should be a priority to prevent email impersonation and protect against phishing attacks.
- Use a Secure Email Gateway: Investing in a Secure Email Gateway can significantly reduce the risk of spam and phishing attacks.
- Enhance Website Security: Dealerships should ensure their websites have the necessary HTTP security headers to protect visitors from session hijacking and data interception.
- Deploy Web Application Firewalls: A Web Application Firewall can provide an additional layer of security against cyberattacks targeting the website.
- Adopt SSL Certificates: Ensuring that all website traffic is encrypted with SSL certificates is fundamental in protecting visitor data.
By taking these steps, car dealerships can significantly improve their cybersecurity posture, protect their valuable data, and build trust with their customers. Cybersecurity is an ongoing process, and staying vigilant against new threats is essential for the long-term success of any small business.
