Imagine if the software your organization relies on to close deals and pay employees suddenly went down, and you had no idea when it would be fixed. Could you continue doing business? How much money would you lose? Unfortunately, in June, this scenario became a reality for over 15,000 US- and Canada-based car dealerships when two cyber-attacks targeted the popular industry software provider, CDK Global.
These attacks shut down sales, financing, and payroll systems for thousands of dealers, forcing them to either halt business or revert to old-fashioned pen-and-paper methods. This incident is a wake-up call for all small business owners, emphasizing the importance of robust cybersecurity measures.
What Happened?
The initial attack occurred on the evening of Tuesday, June 18. Once it was detected, CDK Global immediately took the system offline to investigate the issue. The system was back up and running the following day until a second incident occurred, leading the company to take the system offline again. It’s believed the system was brought back online prematurely, before all compromised areas were discovered, resulting in the second attack. Cybersecurity experts predict it could be weeks before the system is fully operational again.
While some businesses reverted to manual processes, this incident highlights the vulnerabilities that come with relying on digital systems. In our ever-advancing digital world, where most transactions are just a few clicks away, significant issues arise when systems go offline. Critical parts of the business process, such as completing transactions, managing payroll, and interacting with financial institutions, can come to a standstill. Until the systems are back online, many business operations cannot be fully completed, leading to delays and potential financial losses. Business owners know that there is no sale until the check clears the bank!
So, What’s Next?
CDK Global didn’t disclose the exact cause of the attack. Whether that was intentional or they are still unsure remains to be seen. Their security team will need to meticulously comb over every area of the business to determine exactly what was compromised. It’s often difficult for large companies to get the details about cyber-attacks 100% correct after the first review because they may not be able to determine the extent of an attack’s network penetration if there are multiple points of vulnerability.
In the meantime, businesses need to take a hard look at their systems for selling and operational continuity. Will they be prepared to continue doing business if and when this happens again?
This incident should serve as a wake-up call for all business leaders. If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. And if you do, you need to ask yourself if it is high-quality, tested often, and able to handle a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to do something about it.
What You Can Do
We offer a FREE Security Risk Assessment that will achieve two important things:
Analyze Your Network for Vulnerabilities: We’ll show you if and where an attack can occur, and offer solutions to patch vulnerabilities so you’re not setting yourself up to be the next cyber-attack victim.
Determine a Continuity or Recovery Plan: Cybersecurity is an essential and necessary element of doing business, but even the most robust security solutions are not 100% foolproof. This means you must have a plan to bounce back and continue doing business if something should happen to your network or to a third-party piece of software you rely on, like CDK.
To get started, call our office at 214-550-0550 or click here to book your FREE Security Risk Assessment now.