The automotive retail industry is facing a growing threat from cyber attacks, with 17% of dealers experiencing incidents in the past year despite 53% feeling confident in their current protection, according to CDK Global.

I've witnessed the rapid evolution of cyber threats across various industries. The automotive sector, once perceived as relatively insulated, is now facing unprecedented risks. Reflecting on discussions with my team earlier last year, it became evident that the auto industry was poised to take center stage in the cybersecurity arena, and it did. So, I wrote this article to share some advice and key points for leaders in the automotive industry.


Cyber Threats in the Automotive Industry: When did it start?

The emergence of connected cars, boasting advanced features and embedded connectivity, has transformed vehicles into prime targets for cyber criminals. The introduction of the Onboard Diagnostics port (ODB) in the late 1990s marked the beginning of automotive cyber-attacks, offering direct access to engine management systems. While hacking vehicles once required specialized hardware and software, the industry has shifted dramatically. Nowadays, vehicles can connect to the internet, creating a whole host of unprecedented vulnerabilities.

On average, there are over 10 million cars equipped with embedded connectivity capabilities, ranging from smart cars to electric and self-driving vehicles. As consumer demands for advanced auto experiences grow, so does the integration of technology, providing more avenues for threat actors to exploit.

Contrary to popular belief, it's not solely the auto industry that cyber criminals target; rather, it's any entity that collects valuable data. Modern cars, with their integration of advanced technology, have become prime targets for malicious actors. For auto retail executives, the realization that their businesses are potential targets is imperative. The prominence of the auto industry in cybersecurity discussions underscores the urgency for proactive measures.

The question of when the auto industry became a target is moot. The integration of technology into automotive infrastructure has made it a target from the outset. For business leaders in the auto retail sector, the focus must shift from if an attack will occur to when it will happen.


The Auto Myth: Dispelling Misconceptions

In my years within the tech industry, I've encountered a prevailing misconception: the belief that only big-name brands fall prey to cyber attacks. Cyber criminals don't discriminate based on brand size; any business, regardless of scale, could be a potential target.

Hackers often target businesses they perceive as vulnerable, and surprisingly, it's often the smaller auto retailers that lack adequate cybersecurity measures and protocols. When successful breaches occur, the aftermath is profound. Not only do they result in production delays and failures, but they also erode customer and partner trust, tarnishing the business's reputation.

Moreover, having a cybersecurity plan in place doesn't equate to foolproof protection. Cybersecurity, by its nature, cannot offer absolute guarantees. Hackers are relentless in their pursuits, and will continue their attempts to access data, especially with the aid of AI technology.

This year alone, several incidents within the auto industry serve as stark reminders of the prevalence of cyber crime:

Jeff Wyler Automotive Family Notifies Consumers of May 2023 Data Breach Affecting SSNs and Financial Account Information

JCT600 Vowing Resilience in Face of Cyber Attack

Toyota Warns Customers of Data Breach Exposing Personal, Financial Info

These incidents underscore the importance of cybersecurity readiness for businesses of all sizes in the auto industry.


Cross-Industry Insights: Applying Lessons to the Automotive Sector

Drawing from lessons learned across various industries, it's clear that the automotive sector must prioritize cybersecurity while embracing technological advancements. One significant challenge lies in the lack of awareness among retailers regarding existing threats, leaving their data vulnerable and privacy at risk. Compounding this issue, current regulations fail to adequately address the collection and use of vehicle data.

To bolster the cybersecurity of vehicle data, several key measures are essential:

Implement Robust Data Protection Measures: As vehicles become more advanced, reliable data protection and backup systems are crucial to safeguarding sensitive information.

Inform Users: Automotive owners should educate employees and customers about data collection practices, potential risks, and strategies for data protection.

Regulation of Data Collection and Use: Clear regulations are needed to govern the collection, storage, and utilization of vehicle data, ensuring compliance and accountability across the industry.

Mitigation Plan in Place: Any business should be designed with robust security features, including strong authentication and encryption, to mitigate the risk of unauthorized access and data breaches.

By embracing these proactive measures, the automotive industry can protect their operations while supporting innovation and enhancing consumer trust in connected vehicles.

Cybersecurity is undeniably critical for automotive manufacturers and dealerships owners, and addressing cybersecurity in this industry is a complex challenge with no simple, one-size-fits-all solution, given the intricate nature of potential future cyber threats.

Furthering our efforts to help auto industry leaders protect their operations, One Step Secure IT recently became a partner and IT and cybersecurity vendor of FordDirect, and you can find our services listed on The Shop. Moreover, we are actively assisting other dealerships such as Yonker Honda in NYC.

We invite you to witness our impact through testimonials.