If the software your organization uses to finalize deals and process payroll unexpectedly went offline with no clear timeline for resolution, what would you do? Could your business continue operating? How much revenue would you lose? In June, this scenario impacted over 15,000 car dealerships in the US and Canada when two cyber-attacks targeted the popular industry software provider, CDK Global.
These attacks disrupted sales, financing, and payroll systems for thousands of dealerships, forcing them to either cease operations or resort to manual pen-and-paper methods. This incident should serve as a stark reminder for small business owners about the critical importance of robust cybersecurity measures.
Incident Overview
The first attack occurred on the evening of Tuesday, June 18. CDK Global responded promptly by taking the system offline to investigate. The system was restored the next day, but a second attack led to another shutdown, indicating the system was brought back online too soon before all vulnerabilities were addressed. Experts believe it could take weeks for the system to be fully operational again.
While some businesses managed to switch to manual processes, the incident exposed the vulnerabilities of relying on digital systems. In today’s digital age, where transactions are typically completed with a few clicks, system outages can paralyze critical business operations such as completing transactions, managing payroll, and interacting with financial institutions. This can result in significant delays and financial losses. Business owners know that no sale is complete until the payment clears the bank!
Next Steps
CDK Global has not revealed the exact cause of the attack. Whether this is intentional or due to ongoing investigations is unclear. Their security team must thoroughly investigate to determine what was compromised. Large companies often struggle to fully understand the scope of cyber-attacks initially, especially if multiple vulnerabilities exist.
In the meantime, businesses must evaluate their systems for selling and operational continuity. Will they be able to continue operating if a similar incident occurs again?
This incident should be a wake-up call for all business leaders. If you lack a business recovery and continuity plan, you are at risk. If you have a plan, you must ensure it is high-quality, regularly tested, and capable of handling large-scale attacks that disable multiple operational systems. If it isn’t, it’s time to take action.
Free Security Risk Assessment
We’re offering a FREE Security Risk Assessment to help you safeguard your business:
- Network Vulnerability Analysis: We’ll identify and patch vulnerabilities in your network to prevent future attacks.
- Continuity and Recovery Planning: We’ll assist you in developing a robust continuity and recovery plan tailored to your organization.
To get started, call our office at 512-662-1902 or filling the form below to book your FREE Security Risk Assessment now.