[Editor's note: This story was updated Nov. 20, 2024]
There’s no escaping cyber security attacks. Erik Nachbahr, president and founder at Helion Technologies, says attacks are occurring to all businesses all the time.
Speaking to a group of medium- and heavy-duty truck dealers and independent distributors Wednesday during a keynote address at the Karmak Leadership & Technology Conference in St. Louis, Nachbahr says there’s no place to run or hide. Keeping a business safe today requires an understanding that while you can’t prevent everything, proactive decisions today can minimize the damage your business will take when it eventually and inevitably gets hit.
[RELATED: Three lines of defense against cyberattacks]
“It’s not a matter of if you will have a security incident, it’s a matter of when you’re going to have a security incident. And how bad is it going to be,” Nachbahr says.
According to Nachbahr, about 75% of cyberattacks come from outside of a business, and slightly more than half (51%) are perpetrated by organized criminal organizations. Hackers aren’t the “nerdy kid in the basement” you see on TV, Nachbahr says, they are full scale criminal organizations that operate and function as businesses.
He says most cyberattackers hack into businesses using malware, or by taking advantage of weak employee passwords that can be stolen or discovered. In the case of malware, he says 66% are installed in businesses through emailed attachments — such as instances where an unknown email poses as a customer or supplier and provides an attachment disguised as general information that installs a tracking bot on your computer. From there, the bot works its way into a dealer’s computer system, providing data to the criminal organization that is used for future attacks, or access to funds and proprietary information.
[RELATED: Fending off cyberthreats: The aftermarket is not immune to cyberattacks]
Nachbahr says one hacking trick that’s becoming increasingly targeted toward business executives is ‘whaling.’ This method once again finds the hacker posing as a person an executive knows, disguising themselves via email and carrying on regular conversations with the executive until the executive provides private information the hacker can use.
And terrifying as that sounds, Nachbahr says that’s not a method limited to large corporations. He says it can be found everywhere.
“This is happening with dealerships, with our clients, this is not some crazy thing,” he says.
Another nasty move that can be crippling for dealers are distributed denial of service attacks, known as DDoS attacks. Nachbahr says in these attacks, the hackers “will flood your connection with a massive amount of data and then you can’t get online.” He says such attacks are most common on Black Friday and Cyber Monday because they cripple e-commerce businesses, and says the increasingly scary thing about them is they can be perpetrated by hackers at the behest of an industry competitor.
What is the answer to these risks? On Wednesday Nachbahr provided a few key takeaways for the dealers in attendance.
[RELATED: Ransomware attacks are on the rise; protect your small business]
First, he says all businesses should invest in cyber security insurance coverage and know their limits. Second, he says its necessary that dealers develop a one-page incident response team and plan for when incidents occur. Nachbahr says incidents become breaches when they aren’t caught or monitored, and that once a company suffers a cyber security breach, they “are under legal obligation to do something.”
It’s also best to perform a cyber security risk assessment on your business. Nachbahr says these assesssments can be eye opening and terrifying but are ultimately valuable, because they provide guidance as to where improvements need to be made.