In June, a cyberattack struck CDK Global, a software provider serving over 15,000 car dealerships across North America, causing widespread operational disruption. The attack, which occurred over two days, forced the company to take its systems offline, leaving dealerships scrambling to function. Many dealers reverted to manual methods, slowing down transactions and frustrating customers.
Beyond the immediate chaos, the cyberattack poses serious concerns for recent car buyers. If your dealership uses CDK Global software, personal data such as your Social Security number, employment details, and home address may have been compromised. If your dealer was subject to this attack, experts recommend freezing your credit as a precautionary step to protect against identity theft.
Auto Dealerships Face an Escalating Threat Landscape
The attack on CDK Global is not an isolated incident but part of a troubling rise in cyber threats targeting the auto industry. Dealerships are increasingly becoming prime targets for hackers, and this is driving heightened awareness of attacks within the industry. According to a recent CDK Global study, 85% of dealerships now see cybersecurity as a top priority. However, only 37% of dealers feel confident in their current security measures—a significant decline in confidence compared to previous years.
The financial and operational toll from cyberattacks is massive. On average, ransomware attacks on dealerships lead to 16 days of downtime, with an average payout of over $228,000. But perhaps the most serious impact is the erosion of customer trust. A staggering 84% of customers say they would refuse to buy another vehicle from a dealership that failed to protect their data.
Why Are Dealerships Particularly Vulnerable?
One of the leading threats to auto dealerships is phishing, accounting for 36% of data breaches within the industry. This type of cyberattack often exploits human error, which is especially concerning for dealerships, given the high employee turnover rates they experience. With an average turnover rate of 24%, according to the National Automobile Dealers Association, training staff to recognize phishing attempts and adhere to cybersecurity protocols becomes a continuous challenge.
Dealerships also face vulnerabilities related to unsecured networks. Many offer free Wi-Fi for customers waiting for service, but these networks can provide an easy point of entry for hackers looking to access sensitive customer data. Failing to secure these wireless networks tends to lead to data breaches.
How Dealerships Are Responding
In response to the growing threats, dealerships are beginning to make critical investments in cybersecurity. Nearly 60% of dealerships plan to increase their IT infrastructure investments, with an emphasis on antivirus and malware protection, both of which saw a 31% boost in investment since 2021. Additionally, dealerships are focusing on securing endpoint devices, investing in cybersecurity insurance, and providing ongoing employee training to prevent phishing attacks.
These investments are not just about reacting to past breaches—they’re also essential for compliance. Auto dealerships fall under the Federal Trade Commission’s (FTC) Safeguards Rule, which requires non-bank financial institutions to implement robust cybersecurity measures. Initially set to take effect in December 2022, the deadline for compliance was extended to June 2023, giving dealerships additional time to meet the requirements.
What Dealerships Need to Do to Comply with the FTC Safeguards Rule
To comply with the Safeguards Rule, dealerships must create comprehensive security programs designed to protect sensitive customer data. Specific steps they need to take include:
- Appointing a qualified individual to manage their cybersecurity program
- Conducting a detailed risk assessment
- Monitoring and limiting access to sensitive data
- Encrypting sensitive information
- Training staff on cybersecurity best practices
- Developing an incident response plan
- Regularly assessing the security practices of third-party service providers
- Implementing multifactor authentication or equivalent security measures to safeguard customer information
The Way Forward: Reducing Vulnerabilities in Auto Dealerships
The cyberattack on CDK Global is a critical reminder of the urgent need for improved cybersecurity in the auto industry. As hackers become more sophisticated and attacks more frequent, dealerships must shift from a reactive approach to a proactive one. This means not only meeting regulatory requirements but also investing in long-term solutions that protect their business and their customers.
By prioritizing security improvements—whether by enhancing employee training, securing networks, or updating IT infrastructure—dealerships can safeguard themselves from future breaches. As more customers become aware of cybersecurity risks, the dealerships that prove they can protect sensitive data will protect their reputation and stand to benefit from customer loyalty.
In an age where trust is becoming as important as product quality, auto dealerships must adapt to the new reality of cyber risk, using today’s challenges as a steppingstone toward a more secure future.