If the software your organization uses to close deals and pay employees suddenly went down, leaving you clueless about when it might be restored, what would you do? Could you continue operations? How much revenue would you lose? This exact scenario unfolded for over 15,000 car dealerships across the US and Canada in June when two cyber-attacks targeted the industry software provider, CDK Global.
These attacks brought sales, financing, and payroll systems to a grinding halt, forcing many dealerships to either cease operations or revert to manual processes. This incident is a stark reminder for all small business owners about the critical need for robust cybersecurity measures.
What Happened?
The first attack struck on the evening of June 18. CDK Global promptly took the correct action by bringing their entire system offline to investigate the breach. Although they restored the system the following day, a second attack quickly followed, forcing another shutdown. It’s believed the system was brought back online too soon, before all compromised areas were secured, leading to the second breach. Cybersecurity experts warn it could be weeks before the system is fully operational again.
While some businesses managed to switch to manual processes, this incident exposes the vulnerabilities of digital reliance. In our increasingly digital world, where transactions are just clicks away, significant issues arise when systems go offline. Essential business processes like transaction completion, payroll management, and financial interactions come to a standstill, causing delays and potential financial losses. Business owners know there’s no sale until the check clears!
What We Know About the Attack
The attack was attributed to the BlackSuit ransomware gang, a rebranded version of the Royal ransomware group. CDK Global reportedly paid a ransom of $25 million in cryptocurrency to resolve the situation and regain access to their systems (BleepingComputer, RetailWire, Car Dealer Magazine). This payment allowed CDK to restore its core management system and bring the majority of dealerships back online a week later. However, this action highlights the severe impact and potential financial burden such attacks can impose on businesses.
So, What’s Next?
CDK Global has not disclosed the exact cause of the attack, possibly due to ongoing investigations or strategic discretion. Their security team must now meticulously review every aspect of their system to determine the full extent of the breach. Large companies often struggle to pinpoint all details of a cyber-attack immediately, especially if multiple vulnerabilities are involved.
In the interim, businesses must critically assess their own systems for sales and operational continuity. Are you prepared to keep your business running if and when a similar incident occurs?
This incident should serve as a wake-up call for YOU. If you lack a robust business recovery and continuity plan, you're at risk. Even if you have a plan, ask yourself whether it is high-quality, tested frequently, and capable of handling a large-scale attack that disables multiple systems. If not, it's time to take action!
At Diverse CTI, we offer a FREE Security Risk Assessment to achieve two key objectives:
- Network Vulnerability Analysis: We’ll identify potential attack vectors in your network and provide solutions to patch them, reducing the risk of being the next cyber-attack victim.
- Continuity and Recovery Planning: We’ll help you develop a plan tailored to your organization’s needs, ensuring you can bounce back and continue operations if a cyber-attack disrupts your network or critical third-party software like CDK.
To get started, call our office at 405-840-4100 or click here to book your FREE Security Risk Assessment now.