Five new cars you didn't order have arrived at your dealership. The factory insists the cars were delivered at your request and you are fuming at the manufacturer for delivering cars you don't want.
But the problem is not with the factory. A hacker has somehow broken into the dealership management system through its Web site, which conveniently displays new-vehicle inventory in real time for Internet shoppers. It's a problem because a prankster, a disgruntled customer or perhaps an ex-employee used the Internet to tamper with your inventory system.
It may not have happened to a dealership yet, but this type of incident illustrates a growing problem for corporate Web sites. Web site defacement, one of the most common problems, is increasing as Internet volume increases. Though dealerships have nowhere near the volume of, say, Yahoo! or eBay, they still could fall prey to a hacker.
"There are at least 20 to 30 Web site defacements per day, where somebody changes the text or images on a site," said Errol Weiss, vice president for managed security services of Global Integrity, an Internet security services firm in Reston, Va. Weiss said hackers have tampered with Web sites for "almost every major corporation all the way down to local libraries."
Global Integrity, which performs Web site audits, has a checklist for companies that need to improve Web site security:
Protect the site with a firewall - a computer that monitors traffic coming in and out of the company's network based on a set of rules
Install an intrusion-detection system, which compares network traffic against a list of possible attack patterns
Perform penetration testing, a series of audits in which security experts take on the role of a hacker and try to find weaknesses in the network
If business systems - such as a dealership inventory-management system - are integrated with the Web site, separate the two with a firewall
Write formal plans for handling threats from hackers, including a procedure for blocking certain Internet addresses from entering the network
Save records that could be used as evidence to prosecute hackers caught corrupting the system, including system logs