Hackers are playing by new rules, and dealerships’ defenses aren’t ready

Auto dealers are getting better at protecting their computer networks from cyberattacks, an information technology consultant who works with dealerships told me last week.

They’re investing in phishing training, a process that tests whether employees click on suspicious emails and trains those who do on proper security practices. More are carrying cyber insurance. They’re talking to colleagues in industry peer groups about best practices.

And yet, said Erik Nachbahr, president of Helion Technologies, just as dealerships have improved their defenses against hackers, the hackers have started using a different playbook.

It used to be that cybercriminals would deploy automated programs that would lock up files once someone clicked a malicious link or attachment in an email, he said. Then antivirus software and firewalls got better at blocking them. So the hackers evolved. Now, Nachbahr says, when they gain access to the networks, they’re embedding themselves in the systems, figuring out how they’re designed and laying the foundation for an attack before they launch it.

Those attacks — often ransomware, in which hackers lock down a computer system in exchange for a ransom demand — can be devastating, he said. Last month, for instance, Colonial Pipeline, which provides crucial energy supplies to the East Coast, went down for days after an attack; the CEO has said the organization paid a $4.4 million ransom. Municipal governments and public schools also have been targets.

So have dealerships. Nachbahr told me that among Helion’s 750 U.S. franchised dealership clients, “we see credible, critical-level threats a few times a week.”

“The attackers have identified industries where they’re not doing enough defense,” he said. “And dealers are one of those.”

New threat intelligence software can better detect hackers rooting around inside computer networks, he said. But it’s newer technology, and many dealerships aren’t yet using it.

Nachbahr says bringing awareness to the severity of cyberattacks and what’s at stake for dealers — including the possibility of having their operations shut down entirely — is his top priority.

“Dealers have always struggled with readiness when it comes to cybersecurity,” he told me. “Dealers started doing more things, but now the game has changed substantially, and they’re not ready.”