In the July 2025 Auto Dealer Today digital article “More Auto Retailers Would Benefit from Additional Cyber Defense,” contributor Karl Falk writes how technology advances in the automotive retail and lending industries have created new cybersecurity challenges. We asked Guardian president and CEO Chuck Smith, who is currently working with several auto dealership groups (multiple rooftops), to expand on the issues raised in the article and discuss what steps dealerships should take next.
Q: The article talks about “alarming gaps in cybersecurity practices” and a “major deficiency in more advanced protections.” As you interact with auto dealerships, is this what you’ve seen in practice?
Chuck Smith: Yes, they absolutely have glaring deficiencies. But you’ve got people who own 50 and 100 dealerships and you’ve got people who own one. So, while there are common elements, you have completely different security requirements.
The real issue is that the security posture of auto dealership groups as an industry is 10 or 15 years behind more technologically advanced markets, like healthcare, financial institutions, tech companies. Auto dealerships didn’t traditionally invest a lot in cybersecurity technology because they were never a target. But as we all saw with CDK Global, that’s not the case anymore. Attackers are going after small- and medium-sized businesses, like dealerships.
Q: The article references ransomware and obtaining customer information as two motives for a dealership cyberattack. What kind of attacks are most likely to hit auto dealerships?
Chuck Smith: Auto dealerships are usually not technologically sophisticated. It’s not what they do as a core business. Their attacks are most likely to come from “phishing” – a dealership employee clicking on something they shouldn’t. That’s when you get your ransomware demand or customer info stolen.
But recently – and perhaps more importantly – we’ve seen attacks on dealerships as a way to move up and around the supply chain, to get to finance companies, suppliers, and the auto manufacturers themselves. And the hackers may sit, undetected, in your systems and keep collecting info, leading to corporate espionage.
And hackers may not even be in it for their own financial gain. We’re seeing “social warriors” attacking the auto industry because they don’t like fossil fuel usage, or other social or political reasons.
Q: You mentioned hackers being undetected. Within the article there is a section titled “Some Dealers Unsure If They’ve Been Hacked,” which says while about 20 percent of surveyed dealerships report being attacked, 40 percent are not sure whether they’ve been compromised or not. How is it possible to be unsure?
Chuck Smith: It’s like the old story of having a hole in your roof. When the weather’s nice you don’t know you have a hole, and when it rains it’s too late. Today, the preponderance of auto dealership security is being provided by a managed service provider (MSP). They’re paid for things like managing desktop computers, licensing backups, installing printers, and onboarding a new employee’s laptop. But they’ve started biting off on the security apple.
However, it will be the most basic security tools, like anti-virus and firewalls. So, there are a lot of dealerships that are buying the security recommended to them by the only IT people they have – the MSP. Dealerships need to realize that the MSP – whose overwhelming majority of revenue comes from maintaining IT systems – offers only the simplest cybersecurity because they’re not going to hire expert cybersecurity staff. So, it is absolutely possible that there are dealerships that have been hacked, and both the dealership and the MSP don’t know it.
Q: The article says that dealerships lack “comprehensive cybersecurity strategies” that leave them vulnerable. If dealerships are not technologically sophisticated, what are they supposed to do? How do you introduce these strategies to them?
Chuck Smith: That’s our big challenge and why we developed our concept of zones. So, the most important thing is to explain it first. Let’s start with the threat actor who wants to steal your stuff. Who wants to steal from your dealership, and why? That’ll tell you what kind of protections you need. Then we need to make it clear to you what you’re buying and what it does.
We see people who want to sell a customer something, but nobody wants to explain it. You have to break it down because cybersecurity tools do so many things. There are so many different cybersecurity technologies and tools competing for very limited budgets. The article mentions firewalls and antivirus – that’s protecting and detecting. That’s the same strategy from the 1980s for protecting a network. But now there are tools that you use to prepare for an impending attack. There are tools that you use for predicting an attack before it even gets there. But there are vendors that will tell you that their product is the most important, or that it does everything. It doesn’t work that way. A dealership’s specific strategy is a combination of the right tools.
Q: According to the article, auto dealerships cite the inability to find the right partners or resources as their biggest obstacle in implementing cybersecurity. How do you talk to an auto dealership about investing in cybersecurity?
Chuck Smith: So first and foremost, it’s introducing the concept of our zones. And we tell people, look, you don’t have to like the way we organized our thinking. You can have your own. But what’s important is that we agree to organize our thoughts on cybersecurity together. And so, for us personally, we also have to acknowledge that you don’t want to spend a lot of money on cybersecurity and haven’t thought of yourself as a target.
Because we’re a “pure play” security service provider, not representing a single technology or a single manufacturer. I’m not set on selling you just one thing. You want value for your dollar when you do spend it. So let’s start first and go, hey, let’s agree that we can put whatever you’re paying for today in one or more of these five buckets, or zones.
The money you’re spending on security should prepare you for an attack; it helps you predict where an attack’s coming from; it protects you from and then detects an attack; and it helps you recover. So, let’s spread our spending across and don’t sink it all in one silo performing one thing. The perfect world for an auto dealership is a full zone defense.
Don’t leave your dealership exposed. Our five-zone framework helps you understand where your cybersecurity gaps are and how to protect, detect, and respond to attacks—before it’s too late. Grab our no-fluff one-pager and meet with one of our experts about your dealership’s security.
Chuck Smith is the president and CEO of Guardian. He helps organizations outmaneuver cyber threats and strengthen their security posture through innovative cybersecurity and managed IT services. With decades of experience leading technology companies and building cloud-focused startups, Chuck is known for bringing clarity, technical expertise, and a security-first mindset to organizations facing complex challenges. He is proud to have served over nine years in the U.S. Army as an Airborne Infantryman, holding every leadership position within an infantry platoon and shaping the tactical, threat-focused discipline he brings to cybersecurity today. You can connect with him at Chuck Smith | LinkedIn.
You can read the original Auto Dealer Today article here: More Auto Retailers Would Benefit From Additional Cyber Defense – Digital – Auto Dealer Today