Imagine a farm customer coming into your dealership with the receipt for a $35,000 equipment purchase wondering when it will be delivered, and there being no record of it in the company’s database. 

Losing a five-figure proof of purchase would seem to be an unlikely oversight for any size operation, but resolving an administrative glitch is often easier and far less stressful or damaging than a nefarious alternative — data hacking and theft. 

The real-life scenario above was how a major-line farm equipment dealership — and its customer — realized it had been victimized by a complex heist of the company’s servers. 

It’s increasingly common for dealers to be on the receiving end of a phishing or ransomware scam, often resulting in a concerned call to an IT security company to limit damage to the dealership’s reputation and finances. 

This can be a messy and costly process. But it doesn’t have to be. Farm Equipment editors assembled 3 experts for a roundtable discussion on the realities of cyber threats (it’s not just a big dealer problem), the importance of aligning what’s most valuable with where you are most vulnerable and implementing an action plan for protection.

Included in the conversation were Jason Ballard, IT director with Sedona Technologies, a software consulting company in Moline, Ill.; Wayne Selk, director of professional services at ConnectWise, a software solutions company based in Tampa, Fla., and Arlin Sorensen, founder of HTS Ag, an independent precision dealership in Harlan, Iowa, and also VP of Ecosystem Evangelism at ConnectWise.

Farm Equipment: Cyber security is getting lots of attention with some of the recent high-profile breaches, but what do farm equipment dealerships need to be most aware of when it comes to threat protection?

Jason Ballard: “Probably the biggest mistakes we see are lack of education and misinformation. It starts with good IT frameworks, but there’s so many dealerships that are just set up differently. You can’t compare yourself to somebody else that has their entire infrastructure in the cloud when you still have your entire business system onsite in one of your locations. Then it’s knowing how to set up your network security, user training, cloud monitoring, endpoint management, etc. They need to really align with your type of dealership to make sure you have all the correct layers and the right partners in place.”

Arlin Sorensen: “Jason’s in the trenches every day working with dealerships. One of the things I’ve learned is you’ve got to spend money and invest with the right companies that can help you. This isn’t just buying a product, and all your problems go away. It’s getting more and more difficult to secure things all the time. For me, it’s not if you’re going to have an issue, it’s when it’s going to happen and are you ready to respond to it when it does?”

---

“You can have a 2-person company that has over $15 million in annual revenue. It’s not so much about the fact that you’re a small, successful company, it’s what makes your company valuable…” – Wayne Selk

---

Wayne Selk: “Aligning risk to the business is different for each dealership as well. They have different types of customers, different-sized farmers and operations. There are different types of risk that they’re exposed to. But making sure that risk then aligns to their business objectives is critical. Once you know that, then align to some type of security framework. Then you can figure out where your gaps are and spend money appropriately. A lot of people miss that part, which is what Arlin was referring to, and they go straight to just buying a technology because they think, ‘I’ve got to have a technology’ even though it might not be the right one.”

FE: How are you seeing cyber threats evolve and what are dealerships doing to adapt their IT security to keep up?

Selk: “There’s a couple different things that have popped up recently. One of which is the ransomware threat bad actor community is no longer encrypting stuff. They don’t care anymore about encrypting it. As a matter of fact, it makes it easier for them to resell it as a ransom if they keep everything in clear text. So now, when they hijack the information, they’ll put it in a different system and give the victim a drop dead date to pay. They either pay or it gets released to the highest bidder, all of your information.” 

Ballard: “I can give you two examples that just happened this year. We had one dealer that had its server system compromised. We ended up tracing it back and what happened was the bad actors were actually inside the dealership’s system, manipulating a lot of the backups. With that level of access, the criminals were changing it enough and backing up temporary files and operating system files. The onsite IT staff was getting all these green check marks in their portal saying that everything was clear and verified. 

“But they never actually verified anything. Part of the reason is the dealership had close to 13 different servers that housed their data and their database onsite. It takes a long time to test those. The attackers waited for close to 70 days before they ended up asking the dealership for a ransom. Even then, the dealership thought, ‘They don’t really understand how our database works and there’s no way they’re going to be able to get into it. They don’t know how this business system works.’ Oh yes they do. 

“They absolutely know how to search for your customers and get your critical data, even if it’s encrypted. Once they’re in, it’s not very difficult to be able to get that information. It ended up costing the dealership about $70,000, just for the ransom.

“We also deal a lot with phishing attacks. We had one with a dealer where for about 17 days, the attacker had access to the company’s entire Microsoft 365 environment. This dealer’s system was completely cloud hosted and the attacker got into several emails and ended up doing a transaction directly with the dealer’s customer to get them to wire them the money. 

“The dealer did not find out until about 2 weeks later when the customer called them and asked where their equipment was. ‘What are you talking about?’ asked the dealer. The customer said, ‘The $35,000 I sent you. Where’s my purchase?’ They had no idea.” 

FE: While the larger operations might be primary targets, it sounds like any dealership, regardless of size, is vulnerable. How do those organizations insulate themselves? 

Selk: “Data is unique to each business, and that data is worth something to that business. It doesn’t matter the size of the organization. You can have a 2-person company that has over $15 million in annual revenue. It’s not so much about the fact that you’re a small, successful company, it’s what makes your company valuable. That’s what the attackers look to commoditize if they can get their hands on it and hold companies hostage or damage their brand or reputation. 

---

“Every quarter we sit down, and we review the threats that have come at us. The technologies are intercepting hundreds and hundreds of threats that are coming at us every quarter…” – Arlin Sorensen

---

“That’s why it’s critical for dealers to have that risk conversation and align it to their business objectives. Because when you start looking from a different perspective, and you say, ‘What is it that makes me so important today? Why am I making money today?’ And boil it down to the data that you have, intellectual property, customer information, credit cards, etc., then it can be commoditized by a bad actor regardless of the size of your business.”

Ballard: “There’s often a disconnect we find when talking to dealers. When asking a dealer/owner group what is actually important to them, they make a list and talk about them. Then we talk about what layers of protection they have in place, and the two lists don’t usually line up.

“They may have purchased a protection package, but not thought about whether it is actually protecting what’s most important to them. That’s why working with the right partners and understanding what you’re purchasing is so important when it comes to protection. A lot of times, we don’t get calls until it’s too late from dealers. At that point, they are in panic mode and usually didn’t really understand the need for it, until it was too late. 

“Dealers are getting a lot smarter now. They are educating themselves and becoming more aware of what’s going on, more proactive in getting the right protection in place before they’re attacked.

---

“We had one situation with a dealer where for about 17 days, the attacker had access to the company’s entire Microsoft 365 environment. This dealer’s system was completely cloud hosted and the attacker got into several emails and ended up doing a transaction directly with the dealer’s customer to get them to wire them $35,000…” – Jason Ballard

---

“Unfortunately though, it’s still probably close to at least once a week where we get a call from somebody who wants help and protection after they were attacked. At that point, we can add our protection, kick the bad guys out and prevent further attacks. But in many cases, we can’t undo the damage that was already done. 

“We’re seeing more than double or triple the number of people wanting to prevent those kinds of things ahead of time, which is a very good thing.”

Sorensen: “A few years ago, I hired a Managed Service Provider (MSP) company to take over the security operation for our business because I realized the risk is real and we have to be protected. While I know something about technology, I’m not a security expert and I was in no position to try to do it myself. 

“They’ve done the training of all of our people. They’ve put the right technologies in place. Every quarter we sit down and we review the threats that have come at us. The technologies are intercepting hundreds and hundreds of threats that are coming at us every quarter. Thus far, we’ve been able to stay protected and not have an incident.”