Experian’s Data Breach Resolution Group, a division of the consumer credit reporting company, recently issued their 2019 Data Breach Industry Forecast. While the report was full of important information, it made me wonder if the retail automotive industry is suffering from “Hurricane Syndrome.” You know the scenario. Weeks in advance, the weather pundits issue warnings that a hurricane is coming. Only a few people pay attention. A week before landfall, the cone of probability is posted. Most people continue to go about their business. Two days before landfall, winds are picking up and early rain bands are hitting. Some people might check the pantry and fuel gauge. Then the hurricane hits with full fury, flooding ensues, roofs are blown off, and emergency services are tapped out. In the aftermath, local news reporters interview victims who say, “We didn’t think it would be that bad!”
It’s been 13 years since the first major data breach impacted a US financial institution. According to the Experian report, the scale of data breaches in 2018 was staggering, with the number of compromised records in the first half of 2018 exceeding those for the entire previous year. Despite major security advancements, cybercriminals and black-hat hackers continue to wreak havoc on businesses. With automotive dealers and lenders moving further toward online sales, the risk of a data breach increases exponentially. While the industry must embrace this growing trend, dealers must also break out of their own data security Hurricane Syndrome.
While the Experian report is broad reaching, two predictions have specific application to retail automotive.
Wireless carrier attack
According to the Cox Automotive Car Buying Experience Report, 50 percent of consumers now engage with a dealership through some form of online tool, including email, phone, chat or text. The majority of these online tools use a wireless carrier to transport the data.
Think of it this way. You’re on your phone at work or an airport, and decide to use your carrier’s 4G internet service because no other WiFi is available. That internet service allows you to buy things online with your credit card, login to your bank account, and chat with your family on social media. You assume that you are protected and secure, but are you?
If your customer fills out a credit app on your website, from their phone, using their carrier’s 4G internet service, and that carrier gets hacked, is the private information that your customer has trusted you to store on your website secure? The answer is NO.
While dealerships have no sway in a wireless carrier’s security, they absolutely can protect information that enters or exits their servers while also raising customer awareness.
Experian predicts it’s only a matter of time until a major cloud vendor will suffer a breach, compromising the sensitive data stored. Previous breaches experienced by Amazon Web services were the result of misconfiguration of the subscriber account, which essentially left the door open for a cybercriminal to walk right into the vault. Many of the digital tools dealers use for customer relationship management and generating automatic loan approvals already rely heavily on cloud storage. Frankly, the volume of data now captured through a typical car sale demands this approach. Experian recommends improved monitoring systems to alert for misconfigurations and vulnerabilities. Private cloud hosting is another option. Regularly ask your vendors what they are doing to protect your information stored in the cloud.
Unfortunately, cybersecurity is not a one-time fix. Hackers continue poking holes in systems and tearing down walls as soon as they are erected. Don’t let the Hurricane Syndrome make you, your vendors, lenders or customers victims of a data breach. Make security a priority this year by auditing your internal processes and asking your partners for details on how they are protecting you.