Imagine if your organization’s software for closing deals and processing payroll suddenly went down, and you had no idea when it would be fixed.
Could you continue doing business? How much money would you lose?
Unfortunately, this scenario became a reality in June for over 15,000 car dealerships in the US and Canada when two cyber-attacks hit CDK Global, a popular industry software provider.
These attacks shut down thousands of dealer’s sales, financing, and payroll systems, forcing them to either stop business or revert to old-fashioned pen-and-paper methods. This incident is a stark reminder for all business owners of the critical importance of robust cybersecurity measures.
What Happened?
The initial attack occurred on the evening of Tuesday, June 18, 2024.
CDK Global took immediate action, bringing the entire system offline to investigate the issue. The system was back online the following day, but a second incident forced the company to take it offline again.
The system may have been brought back online prematurely before all compromised areas were discovered, leading to the second attack. Cybersecurity experts warn it could be weeks before the system is fully operational again.
While some businesses were able to revert to manual processes, this incident underscores the vulnerabilities of relying on digital systems.
Significant issues arise when systems go offline in today’s digital world, where most transactions are just a few clicks away. Critical business processes, such as completing transactions, managing payroll, and interacting with financial institutions, come to a standstill.
Until systems are back online, many business operations cannot be fully completed, leading to delays and potential financial losses. Business owners know there is no sale until the check clears the bank!
What’s Next?
CDK Global has not disclosed the exact cause of the attack, whether intentionally or because they are still unsure.
Their security team must thoroughly examine every business area to determine what was compromised.
Large companies often find it difficult to get the details about cyber-attacks 100% correct after the first review, as multiple points of vulnerability can make it hard to determine the extent of an attack’s network penetration.
In the meantime, businesses need to examine their systems for selling and operational continuity closely. Will they be prepared to continue doing business if this happens again?
A Wake-Up Call for Business Leaders
This incident serves as a wake-up call for all business leaders. You’re putting yourself at risk if you don’t have a business recovery and continuity plan in place. If you do have a plan, ask yourself if it is high quality, tested often, and capable of handling a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to act.
We offer a FREE Security Risk Assessment that will achieve two important things:
- Network Vulnerability Analysis: We’ll analyze your network for vulnerabilities, showing you where an attack could occur and offering solutions to patch these vulnerabilities so you won’t become the next cyber-attack victim.
- Continuity and Recovery Plan Development: We’ll help you determine what continuity or recovery plan makes sense for your organization. Cybersecurity is essential for business, but even the most robust security solutions are not 100% foolproof. This means you must plan to bounce back and continue operations if something happens to your network or third-party software you rely on, like CDK Global.
To get started, call our office at 973-828-0488 or visit www.ibsre.com to book your FREE Security Risk Assessment.