Lisa Plaggemier Director, Business Security Office

The Security Risks of Outdated Software

Resistance to Change Can be a Big Gamble

There are always early adopters of technology – using the latest and greatest in their business and personal lives – and late adopters, who would rather let all the kinks get worked out by someone else first.  And who needs a huge disruption to their business – to their life – just to upgrade technology that’s working just fine? If it ain’t broke, don’t fix it.

The problem is, with technology, it may be broken in ways you can’t see.  You could be gambling your enterprise – your data, your financial resources, your reputation, your security – all while thinking you’re being responsible and avoiding disruption to your business, your employees, and your customers.

The gamble is that using outdated software puts you at an increased risk of having a security breach.

Why?  Outdated software is more likely to have flaws that can be exploited by cyber criminals.  Those security gaps are more often present in older software that’s no longer maintained, automatically updated, or supported by its maker.

You know how there comes a point with an old car when it’s just not worth repairing?  The same thing happens to software – new models come out, and while the developers work to continually “patch” (repair) the old models, at some point, they stop updating their manuals to focus on newer models.  Technology companies using that outdated software in their solutions are left with no choice when the original developer is no longer issuing patches.  It’s time to update to something safer.

Case in Point:  Windows XP

Windows XP is so old…how old is it? 

According to The Security Advocate, it’s so old, and the fact that it is outdated is so well known, that law firms still running the software can be held liable for any breach of client data, if the breach is found to be the result of the firm using Windows XP.

“It will be difficult to make a straight-faced argument in court that it was reasonable to safeguard client data with well-known outdated software that the software developer very publicly announced would no longer receive any further support or security updates,” writes The Security Advocate.

Imagine your business being legally liable for an attack, perpetrated by someone else, because your operating system is out of date.

Given that car dealers are essentially considered financial institutions, with lots of sensitive data in their systems, would you gamble your business on this?  Get off Windows XP.

There was a lot of press on updating from Windows XP last fall when Microsoft announced that they were discontinuing support for the 12-year-old software.  It was back in the headlines last spring when a western European country reported that hackers stole $1.32 million from ATMs.  The ATMs run on Windows XP, which was cited as the reason they were vulnerable to the attack.

Some Windows XP users are using a hack to protect themselves from a hack. Someone has taken security updates issued by Microsoft for other Windows products, and hacked them to supposedly be effective at updating Windows XP.  Microsoft warns that these updates were not intended for XP and won't protect users.  I don’t know about you, but I don’t think I would trust a random hacker to protect me from other hackers.

Another Example

CDK Chief Business Security Officer Jim Foote recently spoke to Automotive News about something called the Bourne-Again Shell (Bash) Shellshock vulnerability. 

What is a “shell”? 

 “Simply put, the shell is a program that takes your commands from the keyboard and gives them to the operating system to perform”, according to  Think of it as the innermost part of your operating system.  It’s invisible to the average user, and unfortunately, if a bad guy gets in and exploits your system at the “command level”, that will be invisible to users, too.  It won’t be obvious on Windows or whatever operating system you’re using; it also won’t be visible in the applications you’re using.

What is the Shellshock vulnerability? 

“Shellshock is an outside attack by remote computers or bots against a target system in which remote commands attempt to penetrate firewalls and other security defenses”, says Jim Foote.  “If you’re still running w.e.b.Suite, that’s now over ten years old, it’s time, for security reasons, to upgrade to newer technology.”

Shellshock affects the Unix operating system – a popular system used by CDK, many technology companies, and the US government.

So if Shellshock is so bad, why can’t you protect against it?  In most cases, you can.  When alerted to the problem last fall by the government, CDK and other technology companies created patches to protect against this vulnerability.  But if you’re using a system that’s running an older version of Unix, no longer being supported by its creator, there is no patch.  The solution is to get up-to-date:  upgrade from your old operating system to the newer, safer, more secure version.

So don’t gamble everything you’ve worked so hard to build in an attempt to keep your business from having to adapt to newer, safer technology.  Playing it safe isn’t playing it safe at all when it comes to using out-of-date, unpatched software.  You may be better off putting your money in a European ATM.

If you haven’t updated from Windows XP, tell us why.  We’d like to hear from you.

