Dear Valued Customer,
Automotive dealerships are built on relationships, trust, and service. Your customers rely on you to protect their information and keep sales, service, financing, and support moving. At CorePlus, trust is the foundation of every customer relationship. Thank you for allowing us to support your organization as cybersecurity, compliance, and technology risk continue to evolve. We are grateful for the confidence you place in our team, and we remain committed to helping you protect your people, your data, your operations, and the communities you serve.
Why This Matters Now
Cyber risk is no longer limited to isolated criminal activity. Organizations are facing a blended environment where ransomware groups, nation-state actors, hacktivists, and opportunistic attackers often use similar tactics. The most important shift is that attackers increasingly look for leverage: stolen data, disrupted operations, third-party access, and public pressure.
Iranian Cyber Impact: A Practical Assessment
Iranian-linked cyber activity should be viewed as a realistic, event-driven risk rather than a headline-only concern. During periods of regional conflict, sanctions pressure, or direct confrontation with U.S. interests, Iranian-aligned and opportunistic actors may increase phishing, credential attacks, website defacement, denial-of-service activity, exploitation of vulnerable internet-facing systems, and attempts to use third-party access as a foothold. The most likely impact is not a custom attack against every organization; it is opportunistic pressure against exposed VPNs, unpatched firewalls, weak remote access, cloud misconfigurations, and reused credentials.
Dealerships are not usually first-choice strategic targets for Iranian-linked actors, but they are exposed to opportunistic campaigns that increase during periods of instability. Exposed remote access, weak passwords, unpatched systems, email compromise, and vendor platforms can all create risk. The practical concern is business interruption and customer data exposure, not just espionage.
Forward-Looking Quantum Threat Assessment
Quantum computing is not an immediate mass-market threat, but it is a present-day planning issue. Practical systems capable of breaking RSA and elliptic-curve cryptography at scale remain expensive, fragile, and concentrated among nation-states, major technology companies, and research institutions. The real risk is the migration window: cryptography is embedded in identity systems, VPNs, certificates, cloud services, applications, backups, and vendor platforms. Data stolen today may retain value long enough to be decrypted later, making cryptographic inventory and crypto-agility practical priorities now.
For dealerships, quantum risk is more about the vendor ecosystem and long-lived identity or financing records than immediate quantum attack. Dealerships should ask key vendors how they manage encryption, certificates, remote access, archived customer records, and future post-quantum migration. Customer finance, identity, insurance, and HR records deserve special attention because they may retain value for years.
The Current Threat Landscape
Current breach and threat intelligence reporting shows a consistent shift: attackers are exploiting software vulnerabilities faster, relying on trusted identities and third-party access, using cloud and SaaS integrations as paths to data, and applying AI to accelerate phishing, reconnaissance, and intrusion activity. Verizon's latest DBIR reporting indicates vulnerability exploitation has become a leading breach path, ransomware remains present in a large share of breaches, the human element is still a major factor, and supply-chain involvement continues to rise. Google Cloud threat reporting highlights increased exploitation of third-party software and SaaS trust relationships. CrowdStrike reports sharply compressed breakout times and AI-enabled adversary activity, while Palo Alto Networks Unit 42 emphasizes the role of weak identity controls and over-permissioned cloud access. IBM's 2025 breach research adds that shadow AI and insufficient AI governance are now measurable breach-cost and access-control issues. The business implication is that security programs should combine employee awareness with faster patching, MFA, better detection of data movement, tested incident response, AI-use governance, and stronger third-party oversight.
For dealerships, the current threat landscape translates into practical priorities: patch exposed systems, enforce MFA, train employees on mobile phishing and payment redirection fraud, monitor for data theft, and reduce overdependence on a single vendor or workflow. The CDK Global disruption showed how a technology outage or third-party cyber incident can affect sales, service, financing, scheduling, and customer communications at the same time.
Employee AI Risk & the Rise of AI Governance
Employee AI risk is now part of cybersecurity and compliance, not a separate innovation topic. Staff may use public AI tools to summarize emails, analyze spreadsheets, draft customer communications, troubleshoot code, review contracts, or process support tickets. Without policy and technical guardrails, that can expose confidential data, protected personal information, customer records, credentials, trade secrets, or regulated business information. AI governance should define approved tools, prohibited data inputs, human review requirements, logging expectations, vendor review, retention rules, and escalation paths for AI-related incidents.
Employee AI risk includes sales, finance, service, or HR staff entering customer credit applications, driver licenses, income information, insurance records, repair details, or employee data into unapproved AI tools. Dealership AI governance should define approved AI tools, prohibit sensitive customer data in public AI systems, require human review of AI-generated customer communications, and align with Safeguards Rule expectations.
Recent Regulatory & Breach Themes
Dealerships that engage in covered financial activities should continue focusing on the FTC Safeguards Rule. The FTC breach-notification requirement for covered non-bank financial institutions is now in effect for certain incidents involving at least 500 consumers. Recent dealership-sector disruption also underscores the need for vendor continuity planning, manual fallback procedures, and clear customer communication templates.
Recommended Priorities
- Confirm MFA for email, dealer management systems, finance platforms, payroll, and remote access.
- Document manual fallback procedures for sales, service, parts, and finance.
- Prohibit customer financial or identity data from being entered into public AI tools.
- Review Safeguards Rule readiness and vendor security documentation.
- Test backups, endpoint protection, and incident response contacts before an outage.
Townsend Bell — promoted to Support Team Lead
Townsend Bell joined CorePlus as a summer 2024 intern on the Operations team, then continued part-time as an Operations Analyst while finishing school. After graduating summa cum laude from Texas State University with a B.S. in Computer Information Systems, he moved into Service Delivery as a Systems Analyst — and has now earned a well-deserved promotion to Support Team Lead. His journey reflects the hard work, adaptability, and growth opportunities that define life at CorePlus. Congratulations, Townsend!
In Closing
Thank you for continuing to trust CorePlus. We value your partnership and look forward to helping your organization move forward with confidence in a changing risk environment.