August 26, 2024
Imagine the software your organization relies on for closing deals and paying employees suddenly went offline, with no clear timeline for resolution. What would you do? Could your business continue to operate? How much revenue would you lose? Unfortunately, this scenario became a reality for over 15,000 car dealerships in the US and Canada in June when two cyber-attacks disrupted the services of CDK Global, a widely-used industry software provider.
These cyber-attacks crippled the sales, financing, and payroll systems of thousands of dealerships, forcing them to either halt operations or revert to manual, pen-and-paper methods. This incident serves as a stark reminder for small business owners about the critical need for robust cybersecurity measures.
What Happened?
The first attack struck on the evening of Tuesday, June 18. CDK Global responded promptly by taking their entire system offline to investigate. The system was restored the following day, only to suffer a second attack, prompting another shutdown. It appears the system was reactivated prematurely before all vulnerabilities were identified, leading to the subsequent breach. Cybersecurity experts now warn that it could take weeks for the system to be fully operational again.
While some businesses managed to switch to manual processes, the incident underscores the risks of heavy reliance on digital systems. In today's digital age, where most transactions are just a few clicks away, significant disruptions occur when systems go offline. Essential business functions, such as completing transactions, managing payroll, and interacting with financial institutions, can grind to a halt. Until systems are restored, many business operations face delays and potential financial losses. Business owners understand that a sale isn't complete until the payment clears the bank.
So, What's Next?
CDK Global has not disclosed the exact cause of the attack, leaving it unclear whether this is due to ongoing investigations or intentional withholding of information. Their security team must meticulously examine every aspect of the business to determine the full extent of the compromise. Large companies often struggle to fully understand the details of cyber-attacks after an initial review, especially when multiple vulnerabilities are involved.
In the meantime, businesses must scrutinize their systems for sales and operational continuity. Are they prepared to continue operations if such an incident happens again?
This incident should serve as a wake-up call for all business leaders. If you don't have a business recovery and continuity plan in place, you're putting your organization at risk. And if you do, you need to assess whether it is high-quality, regularly tested, and capable of handling a large-scale attack that disables multiple operational systems. If the answer is no, it's time to take action.
We offer a FREE Consult that accomplishes two critical objectives:
1. We will analyze your network for vulnerabilities, identifying potential attack points and providing solutions to patch them, ensuring you're not the next victim of a cyber-attack.
2. We will help you develop a continuity or recovery plan tailored to your organization. While cybersecurity is crucial, no solution is entirely foolproof. Therefore, having a plan to bounce back and continue operations if your network or a third-party software you rely on, like CDK, is compromised is essential.
To get started, call our office at 952-941-7333 or click here to book your
FREE Consult now.
