Wednesday, July 03, 2024

Preventing further cyber-disruption on the US’s troubled auto sector


Dr. Tim Sandle
DIGITAL JOURNAL
July 2, 2024

Tesla faces increasing competition in the electric vehicle sector, with a growing number of Chinese makers as well as traditional auto firms such as General Motors and Volkswagen - Copyright AFP/File SAUL LOEB

Many car dealerships in North America have been hit by a cyberattack. In the wake of major disruptions many have resorted to pen and paper in order to keep their businesses running. The cyberattacks were directed at a company whose software is used widely in the auto retail sales sector.

Looking at the incident is Mike Toole, head of security and IT at Blumira, who begins by describing what happened with the attack: “As of June 9, auto dealerships handling sensitive customer financial information must comply with the updated FTC Safeguards Rule.”

However, the learning points should lead to a more robust auto sector emerging: “This new rule presents an opportunity for the industry to come together, share best practices and ultimately enhance the cybersecurity posture of individual organizations.”

Yet how to approach these necessary improvements? Toole advises: “For auto dealership decision-makers wondering where to start when implementing robust security measures, here are some industry-wide best practices to consider…”

Toole presents the following ideas:

Identify Critical Vendors and SystemsInventory: Conduct an inventory of all third-party systems used in your dealership.

Critical Systems: Assess which vendor systems are critical to your daily operations (e.g., DMS, CRM, inventory management). Prioritize these systems based on their importance and potential impact if compromised.

Assess Security MeasuresVendor Security: Check if your vendors have basic cybersecurity measures in place. Ask them about their security practices and if they have any certifications (like ISO 27001).

System Security: Ensure that your critical systems are protected by strong passwords, regular updates and antivirus software.

Limit the Blast RadiusNetwork Segmentation: Divide your network into separate segments. For example, keep your sales and financial systems separate. This way, if one part of your network is compromised, the others remain safe.
Least Privilege: Use the principle of least privilege for vendor access to your systems. Use multi-factor authentication (MFA) wherever possible. Regularly review and update access controls for vendor accounts.

Monitor: Monitor vendor systems and implement threat detection and response capabilities.

Backup and RecoveryRegular Backups: Ensure that all critical data is backed up regularly. Store backups in a secure, off-site location that is still easily accessible. Consider having redundant systems or alternative vendors for critical functions.
Recovery Plan: Create detailed business continuity plans for each critical vendor system. Establish alternative processes or manual workarounds for key functions.
Testing: Test and update these backup processes annually.

Toole add: “As you adapt your business to these policy changes, it’s crucial to view the new policies through a lens of collective progress. Each new security measure implemented, each lesson learned from a simulation, and each collaborative effort between dealerships contribute to the overall resilience of the automotive industry.

His concluding advice is: “Looking ahead, the true measure of success will not be in avoiding every possible threat – an unrealistic goal in today’s digital world – but in how swiftly and effectively you respond when challenges arise. By fostering a culture of openness, continuous learning and mutual support, auto dealership decision-makers can protect individual businesses and strengthen the entire automotive ecosystem. In doing so, industry leaders can safeguard operations and reinforce customer trust.”


No comments:

Post a Comment