The client is a multilocation car dealership. Due to an update to the FTC Safeguards Rule, which will go into effect June 2023, car dealerships have to take security and data protection risks more seriously. As part of the FTC requirements, car dealerships are required to perform internal vulnerability scanning every six months. The client requested Baker Tilly's assistance in meeting these new requirements.
Baker Tilly deployed a physical scanning appliance to the company's network and utilized a secure remote connection to perform the internal vulnerability scanning activities. Our scanning identified a variety of missing system patches, application patches and configuration recommendations.
The client reviewed our findings and identified various systems that had fallen off the patching inventory. Additionally, our findings identified vulnerabilities in third-party software that is utilized for maintenance services, and the client is working with the vendor on updates to remediate the vulnerabilities.