Imagine if the software your company used to finalize deals and pay employees went down without warning and you didn't know when it would be fixed. How would you cope? How much money would you lose? Could you continue doing business? Unfortunately, in June, this happened to over 15,000 US- and Canada-based car dealerships when two cyber-attacks occurred on the popular industry software provider, CDK Global.
These attacks crippled the sales, financing and payroll systems for thousands of dealerships, forcing them to either halt operations or revert to the old-fashioned pen-and-paper method. This incident should be a wake-up call for all business owners, highlighting the importance of increased cybersecurity measures regardless of size.
What Happened?
The first attack occurred on the evening of Tuesday, June 18. Once it was detected, CDK Global immediately took the entire system offline to investigate the issue. The system was up and running again the following day until a second attack occurred, which resulted in the company bringing the system back offline. Experts believe the system was brought back online too soon, missing compromised areas, thus allowing the second attack. Cybersecurity specialists warn it could take weeks to fully restore the system.
While some businesses were able to switch to manual processes, this incident exposes the vulnerabilities that come with relying on digital systems. In a world where most transactions are a few clicks away, significant issues arise when systems go offline. Key business functions like completing transactions, managing payroll, and interacting with financial institutions grind to a halt, leading to delays and potential financial losses. Business owners understand that no sale is final until the check clears the bank.
What’s Next?
CDK Global didn’t disclose the exact cause of the attack. Whether that was intentional or they are still unsure remains to be seen. Their security team will need to meticulously comb over every area of the business to determine exactly what was compromised. It’s often difficult for large companies to get the details about cyber-attacks 100% correct after the first review because they may not be able to determine the extent of an attack’s network penetration if there are multiple points of vulnerability.
In the meantime, businesses need to take a hard look at their systems for selling and operational continuity. Will they be prepared to continue doing business if and when this happens again?
This incident should serve as a wake-up call for all business leaders. If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. And if you do, you need to ask yourself if it is high-quality, tested often and able to handle a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to do something about it.
We’ll do a FREE Security Risk Assessment that will achieve two important things:
- Network Vulnerability Analysis: We'll identify vulnerabilities within your network, highlight potential attack points, and provide solutions to patch these vulnerabilities, preventing you from becoming the next victim.
- Continuity and Recovery Planning: We'll help you develop a continuity or recovery plan tailored to your organization. While robust security solutions are essential, they are not infallible. Therefore, having a plan to maintain operations in the event of a cyber-attack is crucial, whether the threat targets your network or a third-party software you depend on, like CDK.
Don't wait for a cyber-attack to disrupt your business. Strengthen your cybersecurity and ensure your business continuity today. To get started, call our office at 502-493-0811 or click here to book your FREE Security Risk Assessment now.
