Dealers and other automotive businesses are being warned of “a period of heightened risk” of cyber-attacks.

Digital motor retailing solutions provider iVendi claims that a number of factors, including the situation in Ukraine, are causing an increased level of malicious activity, and a multi-market European dealer group was recently targeted by hackers.

It has been reported that phishing attempts increased by as much as 300% in February 2022, so increased vigilance is recommended.

Simon Hunt, head of information security and compliance at iVendi, said: “It is widely acknowledged that we are currently seeing a substantially increased threat level and, only a few weeks ago, a general warning was issued by official cyber security bodies in the US, UK and Australia about high levels of activity.

“While details of the major European dealer group incident are limited, it illustrates how motor retailers – perhaps especially larger businesses – are potentially vulnerable to malicious attacks that could seriously compromise their ability to operate in the short term and damage their reputation in the longer term.

“What we can also say with some certainty from our wide experience of the dealer sector in the UK and across Europe is that security standards vary widely.”

Hunt joined the business last year, having worked with iVendi as a consultant since 2017.

iVendi has outlined 10 key points to help dealers and business owners to protect their digital presence.

“The new 10-point document that we are releasing is not designed to replace a full security consultation but instead is intended to prompt action within dealerships to ensure they are taking the basic actions required to protect their data and their businesses during a period of heightened risk, providing a quite detailed guide to the areas they should examine,” Hunt added.

The document suggests that organisations move to a heightened state of alert. By acknowledging the increased threat level, iVendi says businesses can prioritise necessary cyber security actions and give themselves the best chance of preventing a cyber-attack.

Ten-point cyber security checklist:

1. Check your patching is up to date

Ensure servers, PCs, laptops and mobile devices are patched and up to date. This should include all applications. Utilise a patch management solution and turn on automatic updates where possible.

Web-facing services that remain unpatched can represent a very high risk and are likely to be targeted by attackers.

2. Check access controls and password policy

Make sure all users are using unique passwords which are not used on other, personal accounts. Ask users to check that their passwords are strong and get them to immediately change any which are not.

Password managers can maintain strong and unique passwords. If multi-factor authentication (MFA) is available, make sure it is enabled.

Review accounts that have privileged or administrative access and remove old, unused or unrecognised accounts.

3. Check your defences

Ensure antivirus software is installed on all PCs and laptops, and regularly check that it is active on all systems and that signatures are up to date.

Check firewall rules are as you would expect. In particular, check for temporary rules that may have been left in place beyond their expected use.

4. Check logging and monitoring

Review logs, check how logs are protected and how long they are retained - they should be held for a minimum of one month.

For the period of increased risk, consider increasing the frequency with which you check security logs on servers and network devices. A log management solution or SIEM can help.

5. Check your backup and recovery strategy

Confirm backups are running correctly and that you have a documented recovery plan. Check that a recovery test has been carried out recently so that you can be confident you will recover from a system loss.

6. Check your incident response plan

Review your incident response plan and check it is up to date. Double check that escalation plans and corresponding contact details are all correct.

Make sure it is clear who has the authority to make key decisions both during and outside of normal business hours if these individuals are different.

7. Check your internet connections

Check that records of your internet connections are up to date. This should include factors such as which IP addresses your systems use on the web and which domain names belong to your organisation.

Domain registration data should be held securely. Your domain registry account should have a strong password and MFA, if available.

8. Check your phishing response capability

Educating users on how to recognise likely phishing attempts and other forms of social engineering should be a part of your security awareness training plan.

Make sure that staff know how to report phishing emails and that you have a process in place to deal with any security incidents that are reported.

9. Check third party access

If you need to let third-party organisations have access to your systems, make sure you have a clear understanding of what level of privilege is extended into your systems, and who controls it.

During a time of increased cyber risk, you should be sure to remove any access that is no longer required.

Before allowing connection, you should review the security practices of the third parties in question. Supply chain attacks have been a rapidly increasing threat vector in recent times.

10. Check sources of threat intelligence

Staying up to date with relevant threats during a period of increased cyber risk is critical to avoiding and responding to security risks.

There are many excellent sources of threat intelligence, but a good default source is the National Cyber Security Centre (NCSC) website (https://www.ncsc.gov.uk/).

It is also possible to register for the NCSC Early Warning Service at https://www.ncsc.gov.uk/information/early-warning-service so that the organisation can inform you of any malicious activity originating from your systems.