We have established that cybercriminals are creative and will do whatever it takes to get to the information they are after. In most cases, like phishing emails, they cast a wide net and hope to get one or two unsuspecting individuals to take the bait.
Another common, yet less often talked about, tactic employed by cybercriminals is social engineering. Where phishing is random and broad, social engineering is strategic and designed to prey on human nature to deceive an individual to provide access to sensitive data.
If you or someone you know has ever received the call that there is a warrant out for your arrest and the only way to confirm it is a mistake is by providing your social security number, that is the type of attack we are referring to.
Social engineering is far more dangerous than phishing because while most phishing attacks are very apparent to the recipient, cyber criminals employing social engineering tactics prey on human nature to manipulate unwitting victims. The refinement of this focused, narrow approach makes it even more frightening.
Think you would never fall victim? Put yourself in this scenario which occurred at our client location.
A customer calls in frantic and distraught at the “stupid” mistake they have made. They were in for service earlier that morning and left in such a hurry they forgot their purse. Now they are over an hour away trying to make a huge client meeting that starts soon.
They have a problem though, and they need your help.
There is a flash drive in their purse that contains their presentation for the meeting. They need you to pull a file off the flash drive and email it to them as soon as possible, or their career-making deal they have been working on for months will be lost.
What would you do?
Most people would naturally want to help, just as our client did. They located the purse, found the flash drive and inserted it into their computer. They opened the flash drive and – just like that – the entire dealership was infected with ransomware, crippling every facet of their operation.
Fortunately, DealerIT was able to mitigate the damage for this client, though the costs in hardware replacement alone were quite substantial for the dealer. The scheduled nightly backups we performed ensured minimal data was lost, and our team had their systems back up and running in a relatively short amount of time considering the breadth of the attack.
This story reiterates three things we have touched on regularly. First, cybercriminals are sophisticated, cunning and charismatic in their approaches and will employ any tactic to get what they want. Second, your people are your first line of defense against cyberattack and it is imperative that they are trained regularly to recognize all threats. A qualified managed services provider is vital in preparing, defending, responding to, and recovering from a cyberattack.
How prepared are you and your team?
You train your staff to provide an excellent customer experience and do whatever they can to address a customer’s needs. How can you train them to do that, but also be cautious and mindful of the threat of a social engineering attack?
Partnering with a dedicated managed services provider with cybersecurity expertise can ease this burden. You can focus on your core business while your IT provider provides regular training along with the latest cybersecurity tools to protect your dealership’s sensitive data and financial information.
Social engineering attacks are effective because people are generally helpful by nature. Sometimes the seemingly right thing to do is actually the worst thing possible. Preparation and heightened awareness are usually the only way to know the difference.
Social engineering is just one of the many ways cybercriminals attack. For more information on cybersecurity in automotive, please visit the Automotive Broadcasting Network Dealer IT page.