If the software your organization uses to close deals and pay employees suddenly went down without any indication of when it would be fixed, what would you do? Could you keep doing business? How much money would you lose? Unfortunately, in June, this exact situation happened to over 15,000 car dealerships in the US and Canada due to two cyber-attacks on the popular industry software provider, CDK Global.
These attacks shut down sales, financing, and payroll systems for thousands of dealers, forcing them to either stop business or revert to the old-fashioned pen-and-paper method. This incident should serve as a wake-up call for all small business owners, emphasizing the importance of robust cybersecurity measures.
What Happened?
The initial attack occurred on the evening of Tuesday, June 18. Upon detection, CDK Global took immediate action, bringing the entire system offline to investigate the issue. The system was restored the next day until a second incident occurred, prompting the company to take the system offline again. It is believed that the system was brought back online prematurely, before all compromised areas were identified, leading to the second attack. Cybersecurity experts suggest it could be weeks before the system is fully operational again.
While some businesses managed to revert to manual processes, this incident highlights the vulnerabilities of relying on digital systems. In our ever-advancing digital world, where most transactions are just a couple of clicks away, significant issues arise when systems go offline. Critical parts of the business process, such as completing transactions, managing payroll, and interacting with financial institutions, can come to a standstill. This means that until systems are restored, many business operations cannot be fully completed, leading to delays and potential financial losses. Business owners know that there is no sale until the check clears the bank!
What’s Next?
CDK Global has not disclosed the exact cause of the attack. Whether this is intentional or because they are still unsure remains to be seen. Their security team will need to meticulously examine every area of the business to determine exactly what was compromised. Large companies often struggle to get all the details about cyber-attacks 100% correct after the first review because they may not be able to determine the extent of an attack’s network penetration if there are multiple points of vulnerability.
In the meantime, businesses need to critically assess their systems for selling and operational continuity. Will they be prepared to continue doing business if and when this happens again?
This incident should serve as a wake-up call for all business leaders. If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. And if you do, you need to ask yourself if it is high-quality, tested often, and capable of handling a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to take action.
Free Security Risk Assessment
We’re offering a FREE Security Risk Assessment that will achieve two important goals:
- Network Vulnerability Analysis: We’ll identify and patch vulnerabilities in your network to prevent future attacks.
- Continuity and Recovery Planning: We’ll help you develop a robust continuity and recovery plan tailored to your organization.
To get started, call our office at (312) 767-1250 or fill in below to book your FREE Security Risk Assessment now.