Tag Archives: automotive

The 3 Most Difficult Issues in TISAX Compliance

Posted on by
Reply

 

The journey to achieving TISAX compliance can feel like navigating a complex labyrinth, fraught with unexpected twists and turns. TISAX, or Trusted Information Security Assessment Exchange, is a key certification for automotive companies, reflecting comprehensive security standards. As businesses grapple with these rigorous requirements, understanding the most challenging hurdles is critical for successful compliance.

 

TISAXCompliance

 

For many organizations, defining and implementing comprehensive security controls stands as a primary challenge, demanding a deep comprehension of TISAX standards and the ability to address varied regional cybersecurity threats. Compounding the complexity are the diverse maturity levels and stringent assessment criteria, necessitating meticulous preparation and strategic avoidance of audit pitfalls.

Moreover, the relentless cycle of audits and regulatory overlaps can lead to audit fatigue, all while financial and logistical pressures mount from the hefty costs of certification. By delving into the most formidable aspects of TISAX compliance, this article aims to illuminate how organizations can effectively navigate and conquer these intricate challenges.

The 3 Most Difficult Issues in TISAX Compliance

Navigating TISAX compliance involves multiple challenges for automotive companies. Here are the top three difficulties:

  1. Stringent Documentation Requirements
    Meeting TISAX standards requires detailed documentation of security measures. Auditors expect clear evidence of these measures being implemented and followed. This can be overwhelming as every part of the automotive supply chain must comply.
  2. Scope Alignment with ISMS
    The TISAX assessment scope must align with the Information Security Management System (ISMS). This can be complex, especially for companies accustomed to ISO/IEC 27001. Integrating these systems requires meticulous planning, which small or specialized firms may find particularly challenging.
  3. Achieving Maturity Level 3
    To receive a TISAX label, a maturity level of at least 3, with no non-conformities, is necessary. This means businesses must have flawless processes and controls. Implementing new systems and managing these requirements can lead to hidden costs, covering everything from staff training to process changes.

Despite the difficulties, investing in experienced TISAX consultants may expedite the process, though it adds to the cost.

Introduction: Navigating the TISAX Labyrinth

Navigating the complexities of TISAX compliance can be daunting for automotive companies. Despite not being legally required, TISAX certification is crucial. Major Original Equipment Manufacturers (OEMs) often demand it from suppliers to ensure business continuity.

Successfully maneuvering through the Trusted Information Security Assessment Exchange begins with understanding assessment levels. Companies must define their maturity and assessment levels to set clear audit objectives. This process can present challenges in documenting security measures. Auditors insist on clear evidence that security controls are not only implemented but also maintained.

Costs are another significant hurdle. Company size and chosen assessment level affect expenses. External consulting support for security improvements can add to the financial burden. However, without these investments, passing the TISAX audit remains a distant goal.

Here’s a snapshot of the hurdles on this journey:

Challenge

Description

Documenting Controls

Clear evidence of security measures needed.

Financial Costs

Significant based on company size and scope.

Meeting OEM Demands

Certification vital for securing contracts.

Ultimately, achieving TISAX compliance means overcoming these hurdles. But with precise planning, companies can secure their place in the vast automotive supply chains.

Defining Comprehensive Security Controls

Establishing comprehensive security controls is vital for TISAX compliance in the automotive industry. These controls protect sensitive data like vehicle prototypes and production plans from cyber threats and industrial espionage. The TISAX framework enforces specific measures and focuses on risk assessment and mitigation. It is essential for companies to showcase secure practices in software development and maintain a secure IT infrastructure. Planning for incident response and disaster recovery is also necessary. This preparation helps ensure business continuity in case of security breaches. Furthermore, TISAX mandates frequent security assessments and monitoring to guarantee compliance with evolving cybersecurity threats.

Understanding TISAX Standards and Requirements

TISAX, or Trusted Information Security Assessment Exchange, sets the standard for evaluating information security within the automotive industry. It is based on a questionnaire from the Verband der Automobilindustrie (VDA) and aligns closely with ISO/IEC 27001 standards. Organizations strive for TISAX compliance to ensure the secure handling of business partner information and prototype protection. It also requires adherence to GDPR data protection standards. Companies can choose to perform self-assessments or more rigorous third-party audits, depending on their needs. The ENX Association manages the certification process. It sets the levels and scope of assessments, which enhances trust in the global automotive supply chain.

Addressing Regional Cybersecurity Threats

Though specific regional threats were not detailed, it’s crucial to understand the general landscape. Countries may have different cybersecurity challenges that affect the automotive supply chain. By tailoring security measures to regional needs, companies can better protect sensitive data. Staying aware of local regulations and risks allows companies to refine their security posture, ensuring strong defense mechanisms are in place to fend off diverse cyber threats. This regional awareness enhances proactive measures, ultimately supporting successful assessments and secure operations in the global marketplace.

Varied Maturity Levels and Assessment Criteria

TISAX, or the Trusted Information Security Assessment Exchange, helps automotive companies bolster their security posture. It uses maturity levels to help companies manage information security systems. These levels ensure that security measures meet the demands of automotive supply chains and protect vast amounts of sensitive data. Maturity Level 0 is incomplete, where objectives aren’t required. Maturity Level 1, or Perform, requires basic documentation. Maturity Level 2, or Manage, focuses on ready systems supported by procedures. The TISAX assessment criteria also involve different scrutiny levels. For instance, AL 1 allows self-assessment, but it will not lead to a TISAX label. AL 3 is more rigorous with onsite audits, ensuring detailed evaluations.

Preparing for TISAX Framework Specifics

Preparing for the TISAX framework is crucial for success. It requires a systematic approach. This comes from the German Association of the Automotive Industry (VDA), managed by the ENX Association. Automotive companies need to develop an Information Security Management System (ISMS). The VDA ISA catalog is a guide for aligning with TISAX. This catalog lists security controls tailored for automakers. TISAX standardizes these security measures. Before TISAX, security requirements varied widely across the industry. Now, it reduces inefficiencies by creating consistent guidelines.

Avoiding Pitfalls in Audit Preparation

Readying for a TISAX audit can be daunting. Many firms overlook the time and people needed for thorough preparation. Small businesses with limited staff might find this particularly hard. Technical challenges, such as network segmentation, might surprise some. Another challenge is fostering a security-minded culture company-wide. Every department needs to be onboard. Proper management of third-party suppliers is also vital. Suppliers must meet TISAX requirements, which can add complexity. To avoid pitfalls, companies should plan carefully. Resources should be allocated wisely. Existing tools can help with managing information security documentation. This ensures smoother preparation and a successful assessment.

Managing Audit Fatigue

Audit fatigue is a significant challenge for those seeking TISAX compliance. The process of constantly documenting and providing evidence for security measures can be exhausting. Companies must implement new security controls and technologies regularly, which adds to this fatigue. Balancing the need for continuous remediation of identified security gaps with routine audit preparations can be particularly tiring. Additionally, audit providers often request frequent reassessments to confirm compliance, further contributing to fatigue. Moreover, integrating staff training and awareness programs as part of compliance efforts demands ongoing attention. This combination of factors can make the process of achieving and maintaining TISAX compliance a daunting task for many organizations.

Dealing with Overlapping Regulatory Standards

The automotive industry faces a web of varied security requirements. TISAX helps address this by offering a unified framework for information security standards. This framework reduces the number of repetitive audits suppliers would otherwise endure. By establishing a common standard, TISAX mitigates audit fatigue and streamlines the security assessment process. This allows companies to meet critical information security requirements without juggling conflicting regulations. TISAX’s development was driven by the need to manage security uniformly across complex global supply chains. By adhering to international security guidelines, companies in the automotive sector can maintain compliance with regulatory standards and industry-specific measures.

Balancing Multiple Compliance Audits

Compliance with TISAX helps companies share audit results with many business partners. This shared assessment system reduces the need for repeated audits. TISAX offers different assessment levels, like AL 2 and AL 3, letting organizations decide on the depth of their audits. These levels allow companies to choose the right complexity for their compliance needs. While ISO 27001 needs independent certification audits, TISAX provides both self-assessments and on-site audits. For companies in the automotive supply chain, TISAX audits ensure a consistent and high level of security across partners, suppliers, and service providers. Without TISAX certification, a company might struggle to work with key industry players, making these audits crucial for participation in the automotive industry.

Dealing with Overlapping Regulatory Standards

The automotive industry faces the challenge of overlapping regulatory standards. These can cause confusion and effort duplication among manufacturers and suppliers. TISAX, or the Trusted Information Security Assessment Exchange, offers a solution. It creates a unified framework for information security, reducing audit burdens.

Challenges of Overlapping Standards:

  • Multiple Audits: Companies often undergo several audits, which can be resource-intensive.
  • Conflicting Rules: Different regions and partners may have varying security requirements.
  • Complex Supply Chains: Global supply chains add layers of complexity.

TISAX Benefits:

  • Streamlined Process: A single standard minimizes conflicting regulations and simplifies compliance.
  • Reduced Audit Fatigue: Suppliers face fewer repetitive audits, freeing up resources.
  • Consistent Compliance: Facilitates adherence to both international guidelines and industry-specific measures.

A standard like TISAX is necessary for uniform security management across the automotive supply chain. It helps companies maintain a robust security posture while saving time and resources. By offering consistent standards, TISAX ensures information security is strong and consistent throughout the automotive industry.

Balancing Multiple Compliance Audits

Balancing multiple compliance audits can be challenging for automotive companies. TISAX compliance offers a streamlined solution by allowing companies to share audit results with multiple business partners. This shared assessment system reduces repetitive audits, saving time and resources.

Below are some key points to consider:

  1. Assessment Levels: TISAX features different assessment levels, like AL 2 and AL 3. These levels help determine the depth and complexity required for compliance audits.
  2. Types of Audits: TISAX provides flexible audit options. Companies can choose from self-assessments, on-site audits, and more based on their specific compliance needs.
  3. Industry Collaboration: For companies in the automotive supply chain, TISAX certification is crucial. It ensures a high level of security across partners and suppliers, enabling collaboration with key industry players.

Here’s a quick comparison to illustrate:

ISO 27001

TISAX

Independent certification audits

Shared assessment results

Fixed audit structure

Varying assessment levels

Being TISAX certified is essential for integrating with the automotive industry’s supply chains and maintaining a strong security posture. This ensures business continuity and compliance with security standards.

Financial and Logistical Challenges

Achieving TISAX compliance poses both financial and logistical hurdles. Companies new to these requirements may find creating an efficient Information Security Management System (ISMS) costly. Expenses can range from €20,000 to €50,000, especially if a company lacks a pre-existing system. Understanding and implementing TISAX’s complex criteria might call for consultant services, adding to financial burdens. Beyond costs, the process requires significant logistical preparation. Companies must conduct a gap analysis, train employees, document thoroughly, and select an auditor. A well-structured approach can ease this process. Breaking down complex requirements into smaller tasks and using ISMS tools effectively helps manage compliance data efficiently.

Costs of TISAX Certification

The financial demands of TISAX certification can vary widely. The overall expenses depend on factors like an organization’s security maturity and chosen assessment level. Typically, audit provider fees range between $5,500 and $16,500 USD. Additionally, registration fees may be about $500 USD. If a company opts for a physical audit at assessment level AL 3, costs may rise by 15-20% compared to AL 2. Preparing an ISMS, tech upgrades, and external consultations can add between $22,000 to $55,000 USD. Consulting fees can cost €100 to €300 per hour, with an annual label fee from $1,100 to $3,300 USD. Such expenses can stretch budgets, especially if companies need ongoing external help.

Leveraging Strategic Investments and Partnerships

For TISAX success, strategic investments and partnerships are crucial. Collaborating with seasoned auditors early on ensures a well-calibrated compliance effort and valuable feedback. Organizations should focus on key areas like policy development and security controls first, before branching out. Investing smartly in continuous compliance programs ensures that ISMS evolves with business changes. This approach upholds security standards and aligns with industry goals. Achieving TISAX compliance is also vital for fostering trust and safeguarding sensitive data. Though non-compliance isn’t fined, it risks business and reputation in the automotive sector. Therefore, prioritizing these investments can enhance competitiveness and partnership quality within the industry.

Conclusion: Overcoming TISAX Compliance Hurdles

Navigating TISAX compliance can be challenging for the automotive industry, especially when dealing with the Trusted Information Security Assessment Exchange criteria. The key lies in breaking down these requirements into manageable steps. Hiring consultants with TISAX expertise is often beneficial, as they help guide companies through this complex process.

Implementing a robust Information Security Management System (ISMS) is another major hurdle. For companies starting from scratch, investing in comprehensive ISMS tools and planning realistically is crucial. This helps ensure the system supports TISAX standards efficiently.

The certification process itself is time-consuming and resource-intensive. Advanced planning with realistic timelines and dedicated resources is necessary to prevent team burnout. Working with an experienced TISAX auditor early on can provide valuable feedback and streamline the compliance journey.

Continuous compliance requires regularly updating the ISMS to keep up with industry and regulatory changes. This ensures alignment with business goals and secures long-term business continuity. By adopting these strategies, companies can overcome TISAX compliance challenges effectively and maintain a strong security posture in the automotive supply chain.

Key Strategies:

  1. Break down TISAX criteria.
  2. Invest in ISMS tools.
  3. Plan realistically for certification.
  4. Work with experienced auditors.
  5. Regularly update ISMS.

Getting Insights and Help from MicroSolved, Inc.

MicroSolved, Inc. is a trusted partner in enhancing security measures, especially for industries like automotive manufacturing and supply chains. They offer expert guidance on complex security challenges.

Benefits of Consulting with MicroSolved:

  • Expert Advice: Leverage their extensive knowledge in security standards and legal requirements.
  • Customized Solutions: Tailor security measures to fit your company size and specific needs.
  • Proactive Strategies: Develop strategies to protect intellectual property and prototype protection.

Key Services Offered:

  1. Risk Assessment: Identify potential risks in the automotive supply chain.
  2. Security Management: Implement robust security management frameworks.
  3. Business Continuity: Ensure operations run smoothly even during disruptions.

Their approach involves thorough internal audits and a successful assessment strategy, which includes both remote and in-person evaluations. This helps partners maintain a strong security posture.

MicroSolved’s insights are vital in meeting the high assessment levels needed in the Trusted Information Security Assessment Exchange (TISAX), providing confidence to business partners and original equipment manufacturers.

For any automotive company, understanding and complying with TISAX is crucial. MicroSolved, Inc. provides the insights necessary for achieving compliance and securing your place in the automotive industry.

 

 

* AI tools were used as a research assistant for this content.

 

3 Steps To Increase Cyber Security At Your Dealership

Posted on by
Reply

Car dealerships and automotive groups are juicy targets for cybercriminals with their wealth of identity and financial information. Cyber security in many dealerships is lax, and many don’t even have full time IT teams, with even fewer having cybersecurity risk management skills in house. While this is changing, for the better, as dealerships become more data-centric and more automated, many are moving to become more proactive against cybersecurity threats. 

In addition to organized criminals seeking to capture and sell personal information,  global threats stemming from phishing, malware, ransomware and social engineering also plague dealerships. Phishing and ransomware are among the leading causes of financial losses tied to cybersecurity in the dealership space. Even as the federal regulators refine their focus on dealerships as financial institutions, more and more attackers have shifted some of their attention in the automotive sales direction.

Additionally, a short walk through social media doesn’t require much effort to identify dealerships as a common target for consumer anger, frustration and threats. Some of the anger shown toward car dealerships has proven to turn into physical security concerns, while it is almost assured that some of the industry’s network breaches and data breaches can also be tied back to this form of “hacktivism”. In fact, spend some time on Twitter or chat rooms, and you can find conversations and a variety of information of hacking dealership wireless networks and WiFi cameras. These types of cybersecurity incidents are proving to be more and more popular. 

With all of this cybersecurity attention to dealerships, are there any quick wins to be had? We asked our MSI team and the folks we work with at the SecureDrive Alliance that very question. Here’s the best 3 tips they could put forth:

1) Perform a yearly cybersecurity risk assessment – this should be a comprehensive view of your network architecture, security posture, defenses, detection tools, incident response plans and disaster recovery/business continuity plan capabilities. It should include a complete inventory of all PII and threats that your dealership faces. Usually this is combined with penetration testing and vulnerability assessment of your information systems to measure network security and computer security, as well as address issues with applications and social engineering. 

2) Ensure that all customer wireless networks and physical security systems are logically and physically segmented from operations networks – all networks should be hardened in accordance with information security best practices and separated from the networks used for normal operations, especially finance and other PII related processes. Network traffic from the customer wireless networks should only be allowed to traverse the firewall to the Internet, and may even have its own Internet connection such as a cable modem or the like. Cameras and physical security systems should be hardened against attacks and all common credentials and default passwords should be changed. Software updates for all systems should be applied on a regular basis.

3) Train your staff to recognize phishing, eliminate password re-use among systems and applications and reportcybersecurity attacks to the proper team members – your staff is your single best means of detecting cyber threats. The more you train them to identify and resist dangerous behaviors, the stronger your cybersecurity maturity will be. Training staff members to recognize, handle, report and resist cyber risks is one of the strongest value propositions in information security today. The more your team members know about your dealership’s security protocols, service providers and threats, the more effective they can be at protecting the company and themselves. Buidling a training resource center, and setting up a single point of contact for reporting issues, along with sending out email blasts about the latest threats are all great ways to keep your team on top of the issues.

There you have it, three quick and easy wins to help your dealership do the due diligence of keeping things cyber secure. These three basic steps will go a long way to protecting the business, meeting the requirements of your regulatory authority and reduce the chances of substantial harm from cyber attacks. As always, remaining vigilant and attentive can turn the tide. 

If you need any assistance with cybersecurity, risk management, penetration testing or training, MicroSolved and the SecureDrive Alliance are here to help. No matter if you’re a small business or a large auto group, our risk management and information security processes based on the cybersecurity framework from the National Institute of Standards and Technology (NIST) will get you on the road to effective data security. Simply contact MSI via this web form, or the SecureDrive Alliance via our site, and we will be happy to have a no cost, no hassle discussion to see how we can assist you.  

Car Dealership Threat Scenario – Wireless Printer Hacking AP Fraud

Posted on by
Reply

Today, I wanted to talk about a threat scenario that we have modeled recently. In the scenario, the victim was a car dealership, and the target was to commit accounts payable fraud. The testing scenario is a penetration test against a large group of car dealerships, but our research shows the threat to be valid against any number of organizations. 

Here’s the basics of the scenario:

  • The team found a car dealership with an extensive wireless network. Though the network was encrypted and not available to the public, the team was able to compromise the wireless credentials using a wifi pineapple in a backpack, while pretending to shop for a new car.
  • The team used the credentials to return later, appearing to wait for a service visit and working from the customer lounge. (The coffee and snacks were great! )
  • The team logged into the wireless network and quickly identified many devices, workstations and such available. Rather than focus on the workstations or attempt an attack on the users – the team instead focused on the shared printers.
  • One printer was identified with the name “BackOffice”, and access to the print spool was easily obtained through known default passwords which hadn’t been changed on the device.
  • Our team made notes of attack their recon attack path, and left the dealership.
  • Once away from the dealership a couple of simple social engineering calls were made to the accounts payable folks, pretending to be a vendor that we had observed at work at the facility. Without any real information, the accounts payable team member explained when we could expect payment, because accounts payable checks were processed every Thursday morning. The social engineer thanked them and completed the call.
  • On Thursday morning, the team showed up at the dealership again, pretending to wait for a service appointment. While in the lounge, they accessed the compromised network and printer. This time, taking deeper control of the printer’s file buffer.
  • The team waited for the accounts payable staff to submit their weekly check printing to the printer. Indeed, around 10:45, the printer file showed up in the printer spool, where our penetration testing team intercepted it. 
  • The team quickly edited the file, changing one of the checks in amount (increasing the amount by several thousand dollars) and the payee (making the check payable to a fictional company of our choosing). They also edited the mailing address to come to our office instead of the original vendor. (PS – we alerted the manager to this issue, so that the bill could be paid later — never harm a client while doing testing!!!)
  • The file was then re-sent to the printer and released. The whole process occurred in under 3 minutes, so the AP person never even noticed the issue.
  • One expected control was that perhaps the AP staff would manually reconcile the checks against their expected checks, but this control was not in place and the fake check was mailed to us (we returned it, of course!).

This is a pretty simple attack, against a very commonly exploitable platform. Poor wireless network security and default installs of printer systems are common issues, and often not given much thought in most dealerships. Even when organizations have firewalls and ongoing vulnerability scanning, desktop controls, Anti-Virus, etc. – this type of attack is likely to work. Most organizations ignore their printers – and this is an example of how that can bite you.

These types of threat scenarios are great examples of our services and the threat modeling, fraud testing and penetration testing available. If you’d like to learn more about these kinds of activities, or discuss how to have them performed for your organization – get in touch. You can contact us via web form or give us a call at (614) 351-1237. You can also learn more about our role and services specific to car dealerships here.

Thanks for reading and let me know if you have any questions – @lbhuston on Twitter.

Business Email Compromise Attacks on Dealerships

Posted on by
Reply

Business email compromise attacks are a significant threat to car dealerships.

Among the car dealerships we work with, two large threats represent the most significant risks at the moment. The first is ransomware, which we have covered extensively on this blog. The second, business email compromise, we’ve also talked a lot about, but mostly in terms of traditional financial services firms. However, business email compromise is one of the most common cybersecurity attacks today and, according to the FBI’s Internet Crime Complaint Center, costs American firms $1.7 billion in 2019, while worldwide losses might well have reached over $5 billion!

How big is the risk of a business email compromise in a dealership?

Business email compromise attacks occur every single day across a variety of industries. Business email compromises typically occur via two specific attack vectors: phishing and stolen credential reuse. Most of our dealerships have significant controls around phishing, with those detection systems reporting tens to hundreds of attempts per day. While the phishing tools are good enough to stop the vast majority of common phishing attacks, there are some that make it through the network and computer-based defenses. When this happens, it is up to the humans in the dealership to be aware enough of the issue, be paying enough attention and have good enough training to prevent the phishing message from becoming a compromise.

In the second attack vector for business email compromise, attackers reuse stolen or leaked credentials (logins and passwords) that have become available on the Internet. There are several common forums and pastebin-type sites where these credentials are dumped, traded or sold (if you want to learn about a common tool to help monitor for these issues, check out ClawBack) and attackers monitor these sites with various tools. Once they see a leaked set of credentials, they try and use it on the web mail logins of their targets. If the user has the same login and password across many sites (many do), then the attacker may compromise the web mail account and be logged into the corporate email system as the user.

What happens in a typical business email compromise in a dealership?

Once the attacker has access to the email system, they will often spend a little time reading the emails and browsing through any files that the email server maintains. If the system includes chat capabilities, they often read those as well. They do this to learn about the user, their position and what the attacker may be able to use the compromised account to do. If any valuable information is in the email archive or on exposed files, they often steal that data right away for resale.

It’s not uncommon for attackers to set a forwarding address for compromised mail accounts, redirecting copies of emails to themselves so that they can monitor the email activity of the user without logging back into the server – thus reducing their chances of being discovered. If the compromised account doesn’t seem useful to the attacker, they will often use it to send phishing emails to other people in the address book, including other internal users, business partners, customers and the like. These phishing attacks are often highly successful, given that they come from a trusted contact and the attacker can tailor the language and tone of the email to match usual conversations.

Once the attacker gets access to an account that they feel is capable of either gaining them network access (think executives who can make requests of subordinates) or allow them to move money (think about accounts payable, wire, ACH and other banking fraud), they will use the email account to send messages, forms (if available) or other requests to get what they want. Again, these attacks are often highly successful, because the attacker comes from a known account, can tailor the language and tone of the messages, and can use social engineering techniques to apply pressure to the victims in order to get them to do things they might not ordinarily do.

What can dealerships do to prevent business email compromises?

Dealerships can combat business email comprise attacks by ensuring that their phishing and authentication defenses are up to par. They can train their team members to be on guard for messages that apply pressure, declare urgency or ask for unusual activities. The dealership can implement training and protocols for voice validation checks for unusual requests and perform ongoing testing of these types of scenarios to educate and keep their staff on guard.

Dealerships can also be vigilant about their email systems, configuring them to apply controls, ensure that logging and other security measures are in place. They can implement multi-factor authentication. They can have ongoing assessments and penetration testing – including business email comprise-based scenarios.

Reducing the risk is doable, but it does require work, investment and continued vigilance. Attackers only have to be right once, while the security controls and your team have to be right every single time to prevent losses. With incidents ranging from tens of thousands of dollars to hundreds of thousands of dollars in losses – paying attention to business email compromises is critical for dealerships of all sizes.

To learn more about tools, techniques and testing to help your organization prevent, detect and respond to business email compromise attacks, get in touch with our team at SecureDrive Alliance for more information and a free risk discussion today.

Announcing the Launch of the SecureDrive Alliance

Posted on by
Reply

LMS Consulting and MicroSolved are proud to announce the launch of the SecureDrive Alliance. This team effort is specifically focused on the needs, regulatory requirements and threats facing automotive dealerships today.

SecureDrive Alliance

The alliance will be providing the following focused services to dealerships across the US:

  • Risk assessments
  • Vulnerability assessment and penetration testing
  • Application security
  • Phishing simulations
  • Risk management training

To learn more about the SecureDrive Alliance, the leaders of both companies have put together a quick MP3 discussing the reasons behind the launch and the capabilities that the alliance brings to bear. You can listen to the 9 minute MP3 here.

To put the team to work on securing your dealership, give a call to Justin LeBrun, or drop him an email.