Cyber security specialists described the automotive sector to Autocar Business as "an industry under attack" where hacks have become "business as usual." Two recurring themes explain why: workforce churn inside dealer groups and the way dealerships now handle financial products and customer data.
Mark Rodbert, CEO at Idax Software, identified staff turnover as a core vulnerability. When employees leave and their permissions or accounts remain active, organisations widen their attack surface and create easier paths for malicious insiders or credential misuse. Rodbert also pointed to the volume of finance applications handled by dealers. That flow of sensitive customer and payment data turns dealer IT systems into high-value targets for ransomware and data theft.
Alistair Wesson, director of Mongoose Cyber Security, summed up the technical consequence: the more forgotten or unused logins and services remain, the bigger the set of things attackers can try. He recommends shrinking that surface by removing unused permissions and web servers.
Principal vulnerabilities highlighted
- Persistent accounts and permissions: Employee churn without timely deprovisioning leaves credentials that can be exploited.
- Dealer finance systems: High volumes of personal and financial data concentrated in dealer platforms attract ransomware operations and data extortion.
- Exposed services: Forgotten web servers and unused permissions increase the number of attack vectors.
Concrete housekeeping actions that reduce risk
These are the low-effort, high-impact controls implied by the specialists' comments:
- Enforce timely deprovisioning: Revoke access immediately when staff leave or change roles.
- Inventory and remove dormant accounts: Regularly scan for and delete forgotten logins and service accounts.
- Minimise permissions: Apply least-privilege controls so employees and systems have only the access they need.
- Harden dealer finance platforms: Treat dealer systems that process finance applications like financial services platforms, with stronger monitoring, encryption and access controls.
- Reduce exposed infrastructure: Catalogue and retire unused web servers and externally facing services to shrink the attack surface.
Recent high-profile incidents across the broader retail and automotive landscape have kept cybersecurity in the headlines, and the automotive sector's own profile has risen because of the combination of operational technology and sensitive customer data. The specialists quoted view the problem as systemic: it's not a single weakness but a cluster of routine operational issues that cumulatively invite attackers.
Why simple fixes matter most right now
Expect continued scrutiny of dealer IT practices and more public reporting about incidents that affect manufacturing and retail operations. Organisations that prioritise deprovisioning and least-privilege policies will reduce near-term risk and complicate attackers' ability to weaponise former employees' credentials or high-volume finance workflows.