August 26, 2024
Imagine if the software your organization relies on to close deals and pay employees suddenly went offline, with no clear timeline for a fix. What would your next steps be? Could your business operations continue uninterrupted? How much financial loss would you incur? This alarming scenario became a reality for over 15,000 car dealerships in the US and Canada this past June, following two cyber-attacks on CDK Global, a leading industry software provider.
The cyber-attacks crippled the sales, financing, and payroll systems of thousands of dealerships, forcing them to either halt operations or revert to manual, pen-and-paper methods. This incident serves as a stark reminder for all small business owners about the critical need for strong cybersecurity measures.
What Happened?
The first attack hit on the evening of Tuesday, June 18. Upon detection, CDK Global immediately took the system offline to investigate. Although the system was restored the next day, a second attack occurred, prompting another shutdown. It appears the system was prematurely brought back online before all vulnerabilities were fully addressed, leading to the second breach. Experts suggest it could take weeks before the system is fully operational again.
While some businesses managed to switch to manual processes, the incident underscores the vulnerabilities inherent in digital systems. In our increasingly digital world, where most transactions are completed with just a few clicks, significant disruptions occur when these systems go down. Essential business functions like completing transactions, managing payroll, and interacting with financial institutions come to a halt, causing delays and potential financial losses. Business owners understand that a sale isn't final until the check clears the bank.
What's Next?
CDK Global has not disclosed the exact cause of the attack, leaving it unclear whether this is intentional or due to ongoing uncertainty. Their security team will need to thoroughly investigate every aspect of the business to identify what was compromised. Large companies often struggle to fully understand the extent of a cyber-attack after an initial review, especially if multiple vulnerabilities are involved.
In the meantime, businesses must critically evaluate their systems for sales and operational continuity. Are they prepared to continue operations if a similar incident occurs?
This incident should be a wake-up call for all business leaders. Without a robust business recovery and continuity plan, you're exposing yourself to significant risk. Even if you have a plan, you must ensure it is high-quality, regularly tested, and capable of handling a large-scale attack that disables multiple operational systems. If your current plan falls short, it's time to take action.
We offer a FREE Cyber Strategy Session that accomplishes two key objectives:
- We will analyze your network for vulnerabilities, identifying potential attack points and providing solutions to mitigate these risks, helping you avoid becoming the next cyber-attack victim.
- We will assist you in developing a continuity or recovery plan tailored to your organization. While cybersecurity is essential, no solution is entirely foolproof. Therefore, you need a plan to ensure business continuity if your network or a critical third-party software, like CDK, is compromised.
Take proactive steps today to safeguard your business against future cyber threats.
To get started, call our office at 707-689-3999 or click here to book your
FREE Cyber Strategy Session now.
