Navigating Cybersecurity in Dealerships: Insights from Former Counterintelligence Agent Justin Shanken

In an era where cyber threats are evolving at an unprecedented pace, the automotive industry is not immune. Dealerships handle vast amounts of sensitive customer data, making them prime targets for cybercriminals. On a recent episode of Dealer Tech Tuesdays, host John Acosta sat down with Justin Shanken, CEO of BlackBreach and former Special Agent with the U.S. Army’s Counterintelligence Division. Justin shared his invaluable expertise on the importance of robust cybersecurity measures in dealerships.

Understanding the Cyber Threat Landscape

Justin’s extensive background in government cybersecurity operations provides a unique perspective on the current cyber threat landscape:

  • Evolving Threats: Cybercriminals are becoming increasingly sophisticated, employing advanced techniques to breach security systems.
  • Organized Cybercrime: Many cyber threats come from well-organized groups that operate like businesses, complete with support teams and sophisticated tools.
  • Targeting Dealerships: Dealerships are attractive targets due to the perception of affluence and the valuable customer data they hold.

The Importance of Regulatory Compliance

Justin emphasizes that while dealerships may feel overwhelmed by new regulations like the FTC’s Safeguards Rule, these measures are essential:

  • FTC Safeguards Rule: Requires dealerships to implement specific security protocols to protect customer information.
  • Not Alone in Compliance: Other industries, such as finance and healthcare, have been under similar regulations for years.
  • Basic Security Measures: Requirements like multi-factor authentication (MFA) are considered basic security steps, not comprehensive solutions.

Debunking Misconceptions About Penetration Testing

A significant portion of the conversation focused on the misconceptions surrounding penetration testing:

  • What Penetration Testing Is Not: Automated scans or basic vulnerability assessments do not constitute a proper penetration test.
  • The Real Deal: True penetration testing involves skilled cybersecurity professionals actively attempting to exploit vulnerabilities in a system.
  • Importance of Expertise: Employing certified and experienced professionals is crucial to obtaining accurate and actionable results.

The Real Risks: Class Action Lawsuits and Data Breaches

Justin warns that non-compliance and lax security measures can lead to severe consequences:

  • Class Action Lawsuits: Dealerships are increasingly facing lawsuits from customers affected by data breaches.
  • Financial Impact: Beyond regulatory fines, the cost of downtime, loss of customer trust, and legal fees can be devastating.
  • Buying a Ticking Time Bomb: Dealerships acquiring other businesses must be cautious not to inherit unresolved cybersecurity issues.

The conversation with Justin Shanken serves as a wake-up call for dealerships to take cybersecurity seriously. Implementing robust security measures, understanding the real threats, and seeking expert guidance are not just regulatory requirements but essential steps to protect the business and its customers.

 
