Remember the movie “War Games?” A teenager hacked into a computer and unwittingly almost started a nuclear war. In the late 60s, a famous phone phreak dubbed “Captain Crunch” figured out a way to make long-distance phone calls for free using a toy whistle from a box of Cap n’ Crunch cereal.
These examples established an early perception of “hackers” as lone wolves: teenagers in basements, social misfits out for revenge or bored college kids pulling pranks. Their intent was relatively harmless, and they eventually got caught and had to pay consequences.
Unfortunately, this perception still exists today and is one reason why many businesses don’t take the threat of cyberattacks seriously.
To understand how serious the threat of a cyberattack is, you need to understand who’s behind the threat and what their motivations are.
Cybercrime is the world’s fastest growing criminal industry. By 2021, cybercrime will cost the world $6 trillion annually. This is the greatest wealth transfer in history, far more profitable than the entire global trade of illegal drugs.
The motivation for most cybercriminals is money, pure and simple. Cybercrimes are designed to steal money and data that can be sold for money. Once stolen, consumers’ personal and identifiable information (PII) is typically sold on the dark web, purchased by other criminals with plans to exploit that information.
Most “hackers” today are employees of large multi-national crime organizations, some of which are state-sponsored. Around the world, smart and tech-savvy people are being lured by the promise of huge salaries. Entry-level cybercriminals make about $40,000 per year (which is an excellent salary in many countries). But the real payoff comes with experience, with seasoned cybercriminals raking in $1 million to $2 million per year.
These cybercrime organizations and their employees find safe haven in countries that don’t have extradition agreements with the U.S. China and Russia are the two biggest offenders, followed by Iran and North Korea. However, cybercriminals reside in many countries, including the U.K., Germany, Australia, Japan, South Korea, Ukraine, Israel, France and even the U.S.
U.S. Companies Targeted
Who do these cybercriminals like to attack? Companies in the U.S. are the most targeted, followed by companies in China, India and Europe.
Most of the news-worthy attacks we hear about on the news happen to large organizations, such as government agencies, or healthcare, retail, tech and financial institutions.
But that doesn’t mean that auto dealers aren’t at risk. In fact, 43% of cyberattacks target small businesses with fewer than 250 employees. In particular, companies with antiquated information technology (IT) infrastructures are easy to exploit, and Windows is the most targeted platform.
Does this profile sound familiar to you?
In most dealerships I have seen the IT networks are outdated, with some running the same setup and technology they had five years ago. Many dealers have not made significant upgrades in 10 years. They also trust the management of IT to people who aren’t qualified—in fact, only a third of dealerships employ a network engineer with computer security certifications and training.
Additionally, I have seen many dealerships still running the Windows 7 operating system on computers that are 4 or 5 years old. As of January 2020, Windows 7 will no longer be supported with updates by Microsoft. If you’re still running Windows 7 in January, your dealership will be highly vulnerable to a cyberattack.
It’s nearly 100% certain that cybercrime syndicates already have a plan in place to exploit organizations that haven’t yet upgraded to Windows 10 when January rolls around. Thousands if not hundreds of thousands of cybercriminals around the world are waiting for this opportunity.
Unfortunately, the problem of cybercrime is only going to get worse and it may never get better. This could be the new normal. Thousands of extremely smart people spend every minute of every day dreaming up new ways to steal your money.
The malware threat is now migrating from PCs and laptops to smartphones and mobile devices. Experts worry that in the near future, cybercrime could take an even darker turn. Got a pacemaker? It could feasibly be switched off by a cybercriminal in another country, unless you send bitcoins.
Connected cars also make us vulnerable to what could be an entirely new form of terrorist attack: causing random cars to crash.
But why worry about things you can’t control? There’s plenty that you can control, starting with taking the threat of a cyberattack seriously, and creating a plan to prevent it.