If the software your organization used to close deals and pay employees unexpectedly went down and you had no idea when it would be fixed, what would you do? Could you continue doing business? How much money would you lose? Unfortunately, in June, this scenario became a reality for over 15,000 car dealerships in the US and Canada when two cyber-attacks targeted the popular industry software provider, CDK Global.
These attacks shut down the sales, financing, and payroll systems for thousands of dealers, forcing them to either halt business or revert to the old-fashioned pen-and-paper method. This incident is a stark reminder for all small business owners of the importance of robust cybersecurity measures.
What Happened?
The initial attack occurred on the evening of Tuesday, June 18. Upon detection, CDK Global immediately took action, bringing the entire system offline to investigate. Although the system was restored the following day, a second incident occurred, prompting another shutdown. It is believed the system was brought back online prematurely, before all compromised areas were identified, leading to the second attack. Cybersecurity experts warn it could be weeks before the system is fully operational again.
While some businesses managed to revert to manual processes, this incident underscores the vulnerabilities of relying solely on digital systems. In today's digital world, where most transactions are just a few clicks away, significant issues arise when systems go offline. Critical business processes, such as completing transactions, managing payroll, and interacting with financial institutions, can grind to a halt, causing delays and potential financial losses. Business owners understand that there is no sale until the check clears the bank!
So, What’s Next?
CDK Global has not disclosed the exact cause of the attack. Whether this is intentional or due to ongoing uncertainty remains to be seen. Their security team will need to thoroughly examine every aspect of their business to identify exactly what was compromised. Large companies often struggle to get the details about cyber-attacks 100% correct after the first review because determining the extent of an attack’s network penetration can be challenging, especially if there are multiple points of vulnerability.
In the meantime, businesses need to critically assess their systems for operational continuity. Will they be prepared to continue doing business if this happens again?
This incident should serve as a wake-up call for all business leaders. If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. And if you do, you need to ask yourself if it is high-quality, frequently tested, and capable of handling a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to take action.
Take Action Now
We offer a FREE Security Risk Assessment that will accomplish two crucial tasks:
- Network Vulnerability Analysis: We’ll analyze your network for vulnerabilities, showing you if and where an attack could occur, and provide solutions to patch these vulnerabilities to prevent you from becoming the next cyber-attack victim.
- Business Continuity and Recovery Planning: We’ll help you determine what continuity or recovery plan makes sense for your organization. Cybersecurity is essential for doing business, but even the best security solutions aren’t 100% foolproof. You need a plan to bounce back and continue operations if your network or a third-party software you rely on, like CDK, is compromised.
To get started, call our office at 985-871-0333 or click here to book your FREE Security Risk Assessment now. Don't wait for a cyber-attack to disrupt your business—act now to protect your future.