If the software your organization used to close deals and pay employees unexpectedly went down and you had no idea when it would be fixed, what would you do? Could you continue doing business? How much money would you lose? Unfortunately, in June, this happened to over 15,000 US- and Canada-based car dealerships when two cyber-attacks occurred on the popular industry software provider, CDK Global.
This software attack shut down the sales, financing, and payroll systems for thousands of dealers, forcing them to either stop business or revert to the old-fashioned pen-and-paper method. This incident should be a wake-up call for all small business owners, highlighting the importance of robust cybersecurity measures.
What Happened?
The initial attack occurred on the evening of Tuesday, June 18. Once it was detected, CDK Global immediately took the correct action, bringing the entire system offline to investigate the issue. The system was up and running again the following day until a second incident occurred, which resulted in the company bringing the system back offline. It’s thought the system was brought back online prematurely, before all compromised areas were discovered, resulting in a second attack. Cybersecurity experts were saying it could be weeks before the system was back to being fully operational.
While some businesses were able to revert to manual processes, this incident highlights the vulnerabilities that come with relying on digital systems. In our ever-advancing digital world, where most transactions are a couple of clicks away, significant issues arise when systems go offline. Critical parts of the business process, such as completing transactions, managing payroll, and interacting with financial institutions, can come to a standstill. This means that until the systems are back online, many business operations cannot be fully completed, leading to delays and potential financial losses. Business owners know that there is no sale until the check clears the bank!
So, What’s Next?
CDK Global didn’t disclose the exact cause of the attack. Whether that was intentional or they are still unsure remains to be seen. Their security team will need to meticulously comb over every area of the business to determine exactly what was compromised. It’s often difficult for large companies to get the details about cyber-attacks 100% correct after the first review because they may not be able to determine the extent of an attack’s network penetration if there are multiple points of vulnerability.
In the meantime, businesses need to take a hard look at their systems for selling and operational continuity. Will they be prepared to continue doing business if and when this happens again?
This incident should serve as a wake-up call for all business leaders. If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. And if you do, you need to ask yourself if it is high-quality, tested often, and able to handle a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to do something about it.
We’ll do a FREE Security Risk Assessment that will achieve two important things:
- We’ll analyze your network for vulnerabilities. This will show you if and where an attack can occur, and we’ll offer solutions to patch it so you’re not actively setting yourself up to be the next cyber-attack victim.
- We’ll help you determine what continuity or recovery plan makes sense for your organization. Cybersecurity is an essential and necessary element of doing business, but even the most robust security solutions are not 100% foolproof. This means you must have a plan to bounce back and continue doing business if something should happen to your network or to a third-party piece of software you rely on, like CDK.
To get started, call our office at 713-936-6855 or click here to book your FREE Security Risk Assessment now.