

How dealerships can meet GM’s cybersecurity guidelines

Jan 20, 2020

Ransomware and other types of malware can cripple a dealership, resulting in significant financial and reputational damage.

As cyberattacks continue to grow and become more sophisticated, automobile manufacturers and dealers alike are recognizing the importance of cybersecurity — and they’re placing new requirements for the safeguarding and protection of data.

GM recently issued an update to its GM Dealership Infrastructure Guidelines that requires dealerships to beef up their security.

One of the most significant new requirements is endpoint detection and response (EDR). EDR is an advanced software agent that is run on computer workstations and servers to prevent file-based malware attacks, detect malicious activity and provide the necessary information to conduct a forensic investigation.

But that’s not the only requirement. Other cybersecurity controls include:

  • Security incident and event management (SIEM)
  • Penetration testing and vulnerability scanning
  • File integrity management and monitoring
  • Security awareness training

It’s also important to note that GM is ranking the infrastructure guidelines into a good, better and best format. They define each term as:

  • Good — the minimum acceptable systems capability/components for conducting business with GM.
  • Better — the systems infrastructure capability/components that will deliver better performance and security while seeking to maximize the lifecycle of the investment.
  • Best — the systems infrastructure capability/components that will deliver best performance and security while seeking to maximize the lifecycle of the investment.

With all of these different requirements, your dealership might be wondering not only how you can comply with GM’s guidelines but also how you can comply without breaking the bank. Fortunately, you have options.

How you can meet GM’s cybersecurity guidelines

The scope of cybersecurity in today’s world is so large that no one dealership can tackle it internally. There are just too many false positives to sift through, too much expertise required, and too few cybersecurity experts available for in-house positions.

This means that dealerships are most likely going to be implementing cybersecurity requirements like EDR, SIEM, testing and training through a third party. GM knows this, which is why they have an authorized provider.

But while dealerships can purchase cybersecurity services through this authorized provider, they are not required to. Other service providers are more cost-effective while still providing high-quality, cutting-edge managed detection and response services.

It won’t surprise you to learn that Wipfli is one of those providers. Our scalable and state-of-the-art managed security services provide 24/7 protection for businesses, and we’ve developed a managed service tailored specifically for dealerships looking to comply with GM’s cybersecurity guidelines. We provide you with:

  • EDR
  • Penetration testing
  • Vulnerability scanning and assessments
  • File integrity monitoring
  • SIEM
  • Security training and awareness

If you already contract with another provider for any of these services, we can also provide individual services, such as EDR, instead of a full package. We can help you meet your dealership’s cybersecurity needs, providing exceptional service and cost savings. Our EDR service starts at $125 per month for up to 20 workstations.

For more information, contact Jeff Olejnik or your Wipfli relationship executive.



Jeff Olejnik