ARTICLES

Automotive Cybersecurity - Ways To Protect Your Business

30th January 2024

 

Ian Gillot Titan DMS

Comment: Ian Gillott, CIO Titan DMS.

Cybersecurity threats are top of mind for many in the automotive industry as we head into 2024. The high-profile attack on Eagers Ltd that put them into a trading halt in December is making OEM and dealership stakeholders extremely nervous.

These nerves are a good thing.

The threat is real, it needs to be taken seriously, and if you are nervous about it, you are probably also pro-active about it which lessens the chance of you being on the receiving end. Note that I said “lessens” the chance. With the tools available to threat actors, social engineering, and the complexity of today’s IT environments, organisations are encouraged to take the view that they just need to make their houses more difficult to break into than the neighbours. Making it impervious to attacks is something that even mega-corporations such as banking institutions and the military have been unable to achieve.

Since the cyber incident with Eagers, many of our customers have contacted us to ask how they can avoid the same fate. Short of hiring cyber specialists who can do a full review and hardening of your systems and IT environment, there are a few basic steps that can be taken to make you less susceptible than the business next door. Protection starts with understanding that cybercriminals operate on a similar principle to a standard business – maximising ROI. The time invested in accessing a system vs the value of the data taken or locked out from the business directly affects the profit (ransom) on their investment (time).

The greatest protection you can offer your business is to ensure that anything of value, requires significant time and dedication to access, making other targets more appealing. Technology still needs to be the enabler, and when it comes to how far you can go, the answer is forever. But there is a sensible limit. Protections can make technology more difficult to break through, but also remove convenience for you as a business. Determine your risk profile, and set a sensible limit. In short, your security should be aligned with your business to allow it to be protected but not overburdened. Here’s where to start:

Basics of protection:

  • Patching of systems (making sure you are running the latest operating system updates from your suppliers, across all machines)
  • Backup data that is not provided by a professional cloud-based provider
  • Introduce multi-factor authentication (MFA) for sensitive data
  • Password security levels – segment data access by role or seniority and introduce regular password update policies
  • Staff training – best practice data & technology processes, spotting scams/phishing/man-in-the-middle type attacks, and policing remote access to company IT

Taking it further:

  • Data retention planning. Beyond the DMS system, what data do you store on-site? Where do you store it and what is the value of that data to the business? Are you only housing data that adds value to the business?
  • Draw up & circulate a simple data breach response plan (Australian Information Commissioner guide here: http://tinyurl.com/4m8rk9s4)
  • Engage a cyber specialist company to undertake a security review of your systems and propose tiered-level upgrade and support options
  • Implement an Endpoint Detection and Response solution (EDR) and stress the importance of not just detecting a Threat Actor, but also what action will you take when you detect it
  • Given many of the attacks are ransomware, it’s worth considering investing in a full disaster recovery site that has snapshot capability so, in the event of a ransomware attack, you can roll back to a point in time before the files were locked. Amazon Elastic Disaster Recovery is a good example of this type of capability and is available for production data via Titan or directly from AWS at https://aws.amazon.com/disaster-recovery/

I understand “Investment” in cyber defence can feel like a sunk cost and when budgets are tight, the temptation to invest in margin assets rather than defence is high. But, as with other forms of insurance, there is a level appropriate for every business and those businesses with a consistent approach to improvement will be the toughest prospects for the criminals to target.

The recent breaches within the automotive industry are a stark reminder of the potential cyber-attacks have to cause enormous disruption and cost to an organisation. We should all use it as a valuable reminder to ensure data security is a business priority in the new year.

May you all have a safe, enjoyable, and prosperous 2024.

Ian

 


Bio: Ian has spent the last 20 years between Australia and the US in senior IT and CIO/ CTO roles across large-scale global businesses. Much of this time has been providing cybersecurity enterprise solutions for customers such as the Pentagon, US Military, Microsoft, British Telecom, Amex, and American Airlines.

 


Other stories on our Blog
Automotive Cybersecurity
Cybersecurity threats are top of mind for many in the automotive industry as we head into 2024...
Titan's Values-Driven Approach
In a world of digital solutions, we believe people still make the difference.
Titan Launches In Japan
Titan DMS is delighted to announce our launch into the Japanese automotive market. 
Key Appointments: Gearing Up For Growth
As Titan DMS accelerates its global expansion in 2024, we spent the last few months of 2023 getting foundations in place to capitalize on several significant opportunities in Australia and international markets.
BMW Thailand: Network Roll-Out Success
The implementation of Titan DMS software across Thailand's BMW dealer network has now been completed. This marks the successful conclusion of an extensive three-year deployment project and signifies a major milestone for Titan in our international development.
Helping You Get More From Titan
Meet Gary Creer, our new Product Utilisation Specialist here at Titan.
Super-Charge Productivity At Onboarding
One of the most common challenges facing automotive dealerships every day is staff turnover. With an industry that sees staff transition rates anywhere between 30-50%, ensuring new staff reach minimum productivity levels in the shortest time possible is essential.
Customer Satisfaction - KPI Improvements
A key pillar of Titan’s DMS offering is the provision of a knowledgeable and empowered customer service team that can provide reliable and timely support to keep our dealer and OEM customers working.
Titan 2024 - The Road Ahead
As we step into the new year, 2024 provides us with exciting growth opportunities at home and abroad, and our recruitment drive to fill these opportunities is already well underway.