Given their systems contain a wealth of consumers’ personal and financial data, automotive dealerships are a prime target for cyber criminals. Given that 15% of US dealerships experienced a cyber security incident in 2022, the IT departments for these organisations are busy beefing up their cyber security programmes to secure their physical network and infrastructure. Notably, the majority of cyber attacks on dealerships aren’t hackers penetrating firewalls and such; instead they are using a much simpler delivery mechanism—email.
At least 85% of the security breaches were innocent-looking emails using sophisticated phishing techniques to get unsuspecting employees to reveal their usernames and passwords. Others contain attachments or links to allow ransomware or other nasty cyber critters to access desktops, servers, and data storage on the dealership’s network. If an employee falls for such a scam, it can open the dealership’s systems to not only ransom demands but also exploitations like document alteration (e.g., Accounts Payable (AP) invoices/payment requests), even a full-on data breach.
Dealers can arm themselves with advanced spam and malware detectors to try to isolate such emails. However, ongoing security training is critical for employees to remain vigilant and able to recognise potential scams rather than fall for them.
Fortify what’s behind the firewall, too, with secure automated systems
Malware detectors and employee training aren’t foolproof. If a phishing attempt slips through the cracks and even one employee falls for it, having secured, automated backend systems and processes can prevent much, if not all, of the would-be damage. Here’s how.
Automated document management systems can scan paper or produce electronic financial and legal documents including invoices, contracts, borrower applications, and more, encrypting and storing them on secure storage or a private cloud to reduce the risk of loss or theft. Automated approval workflows can streamline the AP process, eliminating points where a cyber intruder might insert themselves and reducing the risk of errors. Automation ensures transaction integrity, that invoices remain secure and unaltered, and are approved manually only when necessary and only by the appropriate personnel.
Malware detectors and employee training aren’t foolproof
Auditing and reporting provided by automated AP systems can give authorised users real-time visibility into financial transactions, flag potential discrepancies, and produce audit trails for any changes to those records. Flagging and halting suspicious transactions reduces the risk of fraud, even if a cyber intruder finds a way to alter the data. Secure, encrypted, automated integration and data sharing with other financial systems, such as financial software and banking systems, ensure transactions are accurate and consistent across systems. Integration eliminates manual re-entry that might otherwise allow access and tampering with transaction details.
Also, automated AP systems can ensure invoices are matched electronically to orders placed (or goods received). Encrypting transaction and payment data secure them from unauthorised snoopers, even if they do slip behind the firewall.
In short, cyber security programmes are critical, but sometimes it comes down to good old human error. A dealership’s cyber defenses should also include encrypted, automated systems behind the firewall.
The opinions expressed here are those of the author and do not necessarily reflect the positions of Automotive World Ltd.
Laurent Charpentier is Chief Executive of Yooz
The Automotive World Comment column is open to automotive industry decision makers and influencers. If you would like to contribute a Comment article, please contact email@example.com