Cyberattacks increase in auto dealerships: CDK Global study
DataGrail ‘launches’ new risk monitor tool
SAN FRANCISCO, Oct 13: DataGrail, a leading data privacy platform, today announced its new Risk Monitor product to help organizations overcome the challenges that accompany privacy risk assessments associated with thirdparty and internal systems. In particular, this first-of-its-kind product gives privacy leaders an automated way to complete and manage Data Protection Impact Assessments (DPIAs), calculating data privacy risk across an entire organization. Not only does DataGrail’s Risk Monitor product significantly reduce the workload on privacy managers, but it also evangelizes good privacy practices across companies and helps employees understand privacy risk at a deeper level. Risk Monitor’s release comes on the heels of DataGrail’s announcement of $45 million in Series C funding and strong company momentum.
Currently, there is no standard way to monitor privacy risk at an organization, nor are there intelligent workflows that guide teams through filling out risk assessments (DPIAs or PIAs). The language used in the GDPR and CCPA is not precise and often left to interpretation, making it a challenging and time-consuming process for privacy managers. Risk Monitor strips away complications to take entire companies on a journey towards privacy best practices.
Designed to help organizations understand, address and minimize the privacy risks associated with different technologies, Risk Monitor taps into DataGrail’s industry-leading integration network to pre-populate relevant information about SaaS technologies. This information is used to inform intelligent workflows, intuitively determining the risks of using these technologies and reducing the burden on team members.
Privacy
“Since the earliest days of GDPR, DPIAs have plagued the industry as one of the most problematic privacy tasks to complete,” said Daniel Barber, CEO and co-founder of DataGrail. “Work is often federated to the wrong person or too many parties are burdened unnecessarily. DataGrail’s Risk Monitor changes this entirely by automating the work in real time. Our new product helps make privacy a top priority that ultimately leads to better governance and data management practices.”
DataGrail’s Risk Monitor streamlines workflows for assessing risk, generating a full understanding of what thirdparty apps are being used, by whom, why and how- and privacy managers can do so in record time with little disruption to their daily tasks.
Noteworthy product capabilities include: DataGrail’s automated Risk Monitor product ensures that colleagues across all departments as well as external contributors can understand the impact of new technology adoption on privacy. It gives them better visibility into how to protect customers’ data without placing undue burdens on any individual.
Backed by the largest integration network in the market, DataGrail future-proofs companies’ privacy programs by automatically detecting where personal information is stored and respecting evolving laws and regulations. This makes it easy for DataGrail customers to turn privacy into a differentiator, unlocking revenue while protecting the fundamental right to privacy.
To learn more about DataGrail’s unique approach and cutting-edge technology, please join us for our live launch event on October 20th.
HOFFMAN ESTATES, Ill, Oct 13: Cybercriminals are getting craftier as auto retailers continue to fall victim to welldisguised attacks. According to the second annual dealership cybersecurity study by CDK Global Inc., a leading automotive retail software provider, 15% of dealers have experienced a cybersecurity incident in the past year. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue. The consistent cyberthreats have auto retailers concerned about securing their networks as they prepare for the upcoming Federal Trade Commission (FTC) Safeguards Rule implementation on Dec. 9.
“Consumers are continuously shifting to a more mobile environment, requiring automotive dealerships to streamline their sales and service online. Unfortunately, it can lead to creating gaps in IT networks for securing data,” said Joe Bell, vice president and general manager of IT Solutions Product & Technology, CDK Global. “Updating a dealership’s IT infrastructure, establishing an incident readiness plan and identifying qualified individuals to oversee the requirements are important steps for auto retailers in meeting the upcoming FTC compliance deadline.”
The amended FTC Safeguards Rule outlines compliance measures that includes securing customer data and implementing a comprehensive information security program. Having a solid cybersecurity plan in place is key for dealers to meet the Safeguards Rule, yet the study found that only 37% of auto retailers are confident in the current protection, resulting in a 21% decrease in preparedness compared to CDK Global’s 2021 study. With the Rule compliance deadline fast approaching, dealerships are getting serious about their cybersecurity measures.
Investments
The CDK Global State of Cybersecurity in the Dealership report found nearly 60% of dealers plan to prioritize upgraded investments in IT infrastructure.
Dealerships are preparing for the influx of possible attacks to their infrastructure, including hiring cybersecurity experts both in-house and externally and educating staff on detecting potential cyber threats.
“With the recent surge of ransomware attacks around the world and the advancement of security protocols we have made, cybersecurity remains a huge priority,” said Preston Petersen, general manager and partner at Team Automotive Group in Baton Rouge, Louisiana. “The risk to businesses and our industry is at an all-time high, and we take that risk very seriously.”
Ensuring that dealers will be FTC compliant by Dec. 9 remains uncertain, as many auto retailers are finding the Safeguards Rule to be difficult to understand or complete. CDK’s State of Cybersecurity report found that only 35% of dealers fully comprehend the new ruling and less than half are well-prepared. While 71% were familiar with protection mandates including multi-factor authentication, data encryption, and data and systems inventory, several requirements remain cloudy, including compliance on mitigation, threat detection and response.
“Partnering with a managed service provider can assist dealerships in eliminating the guesswork for FTC compliance, ensuring a safer, more secure and up-to-date IT infrastructure,” said Bell.
Andrew McClure, director of IT Operations of The Patrick Dealer Group locations in Illinois, echoed Bell’s recommendation on dealer cybersecurity safeguarding. “Engage with a chief information security officer who aligns with (analytic models) FAIR/NIST/CISA standards, research best practices and follow directions on structuring a layered cybersecurity program for your business,” McClure suggested. “Cybersecurity investments will pay dividends in threat/risk reductions.”