Are you doing enough to prevent cyberattacks?
- What are common cyberattacks?
- What can you do to help prevent them?
Theft is a crime as old as time. And as information has become more digital, and more valuable, criminals have developed ways to steal it. What is one of the most sought after types of information? Consumer data. And dealerships have a lot of it.
The rise of cyberattacks as a means to steal information is quickly becoming more common and more publicized. So what do you need to know about these attacks?
What are cyberattacks?
Cyberattacks are an attempt to access or damage your computer or network. They can happen to anyone. A survey of over 500 U.S. businesses of all sizes showed that 51% were impacted in 2020. There is some common terminology used around cyberattacks:
Malware: Malware is a blending of the words in the phrase: “malicious software”. As you would expect, this is software that is designed to carry out or facilitate malicious intent. Malware typically attacks known vulnerabilities in software. Independent pieces of malware can be packaged or chained together, allowing an attacker to leverage one vulnerability after another, eventually leading to a larger final security compromise.
Ransomware: Currently the most common and damaging objective for the attackers. Ransomware is a specific type of malware that encrypts the data on a computer or network with a password set by the attacker. The attacker then offers to unlock the data for a ransom and will often threaten to leak the data and notify customers if payment isn’t received (further increasing the pressure on the business to pay the ransom).
Phishing: Phishing attacks are the most common type of attacks leveraging social engineering techniques. Attackers use fake emails, social media, instant messaging, and text messages to trick victims into providing sensitive information, opening malicious attachments, or visiting malicious websites. Their intent is to obtain sensitive information or install malware. Once malware is installed on a single computer on the network, it can often be remotely controlled to expand across the entire network. This is the most common method to deliver malware.
How can I prepare for the future?
Being proactive in cybersecurity saves time, money, resources and reputation. You can help prevent, detect, and recover faster with a plan specifically for cyber incidents. Here are five ways you can prepare for future attacks:
- Have an Incident Response Plan: Develop a plan to respond when a cyberattack occurs. Cyberattacks can happen in a matter of minutes and ransom payment time can be limited. Having a plan in place helps you make clear, thought-out decisions during a stressful situation. It is best to have pre-selected the partners you will work with to help you with incident response (for example, technical, insurance, and legal partners). You can rehearse your plan from time to time by performing a “table top exercise” (imagining an attack scenario and playing out your responses).
- Upgrade your cybersecurity solutions: Your cybersecurity program is your defense against these attacks. Update to the latest versions of your security systems and avoid relying on only one security feature. Strong cybersecurity layers multiple solutions. Ensure you have 24 x 7 x 365 security monitoring of your systems. Attackers often choose to launch their attacks during weekends and holidays when IT staffing is generally low or retailers are very busy.
- Train your employees: Human error allows holes in your defense that can be manipulated. Training your employees gives them the knowledge of how to identify and report cyber threats. Training can include password security, e-mail (phishing) security, suspicious link detection, and early signs of an attack.
- Back-up your data: Many cyberattacks occur to gain access to your data. To back up your data, you can store it in a remote location not permanently connected to your network. In ransomware attacks, having a reliable backup can save you hundreds of thousands of dollars. Attackers often seek out backup copies while investigating the network, to destroy them and force a ransom payment. Hence having an offline backup is a critical strategy.
- Cyber insurance: Cyber incidents cost time, money, and can harm your reputation. Another proactive approach to protecting your business is to buy cyber insurance. Cyber insurance insures losses accrued from cyber incidents and implements protection methods to prevent future attacks. Often times, cyber insurance companies will require that your security tools be current and modern.
Take a look at what resources you have in place to prevent cyber threats. Be proactive with your security with solutions that work together to give your dealership protection.