Kharmela Mindanao

By: Kharmela Mindanao on January 17th, 2023

Print/Save as PDF

7 Reasons Hackers Target Auto Dealerships (& How to Stay Safe)

Cybersecurity | Industry

As the automotive industry becomes increasingly reliant on technology, auto dealerships face a growing number of cyber threats. From ransomware to phishing, the likelihood of your dealership experiencing a security incident grows higher and higher each day.   

Why Hackers Target Auto Dealerships

And while all businesses are at risk of cyber-attacks, auto dealerships, in particular, are prone to hackers due to the following reasons:   

1. Access to PII (Personally Identifiable Information) 

2. Availability of financial information 

3. Desire for reputational damage 

4. Less cybersecurity awareness 

5. Lack of strong cybersecurity measures 

6. Dependence on technology 

7. Common interconnected systems 

As a Managed IT Service Provider (MSP) handling the cybersecurity of multiple automotive companies, we’ll delve deeper into these reasons and discuss steps auto dealerships can take to protect themselves.  

Reasons Hackers Target Auto Dealerships

1. Access to PII (Personally Identifiable Information) 

Cybercriminals may target auto dealerships due to these businesses’ access to sensitive customer data. This data can include personal information like Social Security numbers, addresses, and driver’s license numbers.  

PII can be valuable to cybercriminals and can be used for identity theft or other fraudulent activities.  

2. Availability of financial information 

In addition to customer data, auto dealerships may also handle financial transactions, such as loan applications and vehicle purchases. Cybercriminals target these transactions as they often seek to steal financial information to commit fraud.  

3. Desire for reputational damage 

A cyberattack on an auto dealership can also lead to significant reputation damage. Cybercriminals may target dealerships to blackmail companies, dangling their reputation on the line.   

Customers may lose trust in the dealership’s ability to protect their personal information, leading to financial losses for the dealership. This results in many companies giving in to the demands of criminals, despite it not being in their best interest.   

4. Limited cybersecurity awareness 

Some auto dealerships aren’t fully aware of the potential cyber threats they face or the steps they can take to protect themselves. This lack of awareness can make them more susceptible to attacks and more attractive targets for hackers.  

5. Lack of strong cybersecurity measures 

Because many auto dealers are busy with the day-to-day tasks of growing a business, it’s common to see many dealerships with weak IT protections. Hackers know this too and deliberately look for companies that prioritize other aspects of their business while letting their IT take a back seat.   

6. Dependence on technology 

As the automotive industry becomes more reliant on technology, auto dealerships may be more vulnerable to cyber-attacks that target these systems. From POS (Point-of-sale) machines to electronic devices in cars, technology – and its pitfalls – are everywhere.   

7. Common interconnected systems 

Auto dealerships often have multiple interconnected systems, such as dealer management, customer relationship management, and inventory management systems. A breach in any of these systems can compromise the security of the entire dealership.  

A well-designed IT network can mitigate the damage of a data breach and involves a core IT team dedicated to your business’ security.   

3 Types of Cybersecurity Solutions your Business Must Have

How to Protect Your Dealership from Cyber Attacks  

So, how can auto dealerships protect themselves against these threats? 

1. Follow a cybersecurity framework.   

cybersecurity framework (2)A critical step is to follow a cybersecurity framework. Cybersecurity frameworks such as NIST provide a set of best practices and guidelines for protecting against cyber threats, such as malware, ransomware, and phishing attacks. By following a framework, organizations can better defend against these threats and reduce the risk of a successful attack.  

2. Implement two-factor authentication.  

implement 2faMFA and 2FA add an extra layer of security by requiring additional information, such as a code sent to a phone, to log in to an account. Making 2FA a standard practice across all accounts in your dealership will go a long way to protecting your data.   

3. Use strong passwords.  

strong password-1Cybercriminals can often guess or crack weak passwords, so it’s crucial to use strong, unique passwords and to update them regularly.  

Read: “NIST Password Guidelines 2022: 9 Rules to Follow”  

4. Secure all devices with network access.  

network accessIt’s important for each dealership to carefully identify which devices connect to your IT network and ensure each device has up-to-date security settings. At the very least, each device should have updated antivirus software and the latest security patches.  

5. Limit access to sensitive data.  

sensitive dataOnly grant access to sensitive data to those who absolutely need it and regularly review and update access permissions. Avoid situations where offboarded employees can access customers’ private data.  

6. Implement data encryption.  

data encyrptionEncrypting data can help protect it from being accessed by unauthorized parties, even if it is stolen or compromised. 


7. Work with cybersecurity experts.   

cybersecurity expertDealerships will benefit from working with cybersecurity experts who can provide expert guidance and support in implementing and maintaining effective cybersecurity measures.   

Whether you work on onboarding an in-house expert or partner with a Managed Security Service Provider (MSSP), cybersecurity experts deeply help with network security, data backup and recovery, and compliance support.  

Read: 5 Qualities You Should Look for in a Managed Security Service Provider  

8. Conduct security awareness training.   

ongoing security awareness trainingAnother essential step for auto dealerships is to educate employees on cybersecurity best practices. This might include training on how to identify and report suspicious activity, how to create strong passwords, and how to handle sensitive data.  

 9. Prepare an incident response plan 

prepared incident response planIn addition to implementing strong cybersecurity measures, auto dealerships should also have a plan in place for responding to a cyberattack.   

This might include working with a cybersecurity expert to identify the source of the attack and implement measures to prevent future attacks, as well as communicating with customers and other stakeholders about the attack and any steps taken to address it. 

10. Regularly test security measures.  

test security measuresRegular security audits and penetration testing can help identify any vulnerabilities in your system. Reality often messes with our plans and going through the entire disaster recovery process ensures any potential issues are solved immediately.  

Ready To Improve Your Auto Dealership’s Cybersecurity?  

Overall, auto dealerships need to prioritize cybersecurity to avoid financial costs and reputation damage. By implementing strong cybersecurity measures and educating employees on best practices, auto dealerships can better protect themselves against potential cyber threats.  

However, taking the necessary steps to improve your IT network is difficult.   

With all the advice out there about protecting your dealership, it can get overwhelmingly fast. Find out where to start on your cybersecurity journey by reading our free eBook, “3 Types of Cybersecurity Solutions your Business Must Have.” We also have the following resources available for you: 

3 Types of Cybersecurity Solutions your Business Must Have