Lessons Your Business Can Learn From the CDK Hack
On June 19, 2024, a ransomware attack hit CDK Global, a critical software application provider to around 15,000 car dealers across North America. The CDK software helps auto dealers track inventory, conduct credit checks, generate interest rates for auto loans, and complete sales contracts.
For two weeks during the attack, many dealerships were relegated to pen and paper. They were forced to conjure up alternative methods for their daily operations, deal tracking, employee payments, and customer relations.
This crisis isn't just a cautionary tale for the automotive industry. It should serve as a wake-up call for organizations across every sector. The incident should force you to take a long, hard look at your critical systems and make you ask yourself: Do I have a plan B?
Intelligent Technical Solutions (ITS) is a managed security services provider (MSSP) that has helped hundreds of businesses bolster their cybersecurity to defend against all kinds of cyber-attacks. In this article, we'll take a closer look at the CDK hack and the lessons we can take from it.
CDK Hack: Things You Need to Know
Here are the top things you need to know about the CDK cyber incident:
1. It's a Ransomware Event
The CDK Global hack was a ransomware event. Details as to how the attack was executed have not been shared at the time of this writing. In addition, analysts suspect it was caused by a new Russian-linked hacking group called Blacksuit.
No official statement regarding the ransom has been released. However, media outlet Bloomberg reported that the hackers are asking for millions of dollars. We don’t yet have official word on whether customer data was exfiltrated. If that is determined to have occurred, the severity of this incident will increase dramatically, with multiple lawsuits and regulatory oversight from the FTC.
2. It Wasn't a Single Attack
The cyber incident wasn't isolated to a single attack. CDK Global suffered an additional breach while they were recovering from the first cyberattack. That suggests that the systems may have been vulnerable during the recovery process, or that the initial security issues were not fully resolved when the systems were brought back online.
3. It Caused Industry-Wide Disruption
Automakers, auto dealers, and car buyers are all affected by the attack. It caused widespread delays as dealerships resorted to pen and paper to complete deals. That has caused frustration among customers, which has led to delayed or canceled purchases. The impact on customer satisfaction can also potentially affect the long-term reputation of the affected dealerships.
In addition, many automakers are unable to track sales and inventory through their dealer networks.
4 Lessons You Can Take Away from the CDK Hack
1. Cyber Attacks are Targeting Supply Chains
Hackers want to cause as much disruption as they can. That’s why many hacking groups are now targeting companies in supply chain-style attacks. Their goal is taking down entire industries because they can demand more money.
Last year, the real estate industry suffered a similar fate when software provider Rapattoni was hit with a ransomware attack. The attack downed the multiple listing service (MLS) systems that many real estate agents used across the country, causing widespread disruption.
If there’s a lesson that you need to take from these incidents, it’s that cyber-attacks are growing more sophisticated, and becoming more devastating.
2. Managing Third-Party Risk is Crucial
Most businesses today are deeply interconnected in a web of outsourced, cloud-based services. While that has democratized access to sophisticated business tools, unfortunately, it also opens you up to third-party risks. The CDK hack highlights that risk. Here are some key lessons about third-party risk management that you can draw from this incident:
- Vet Third-Party Vendors Thoroughly
Conducting comprehensive security assessments of third-party vendors before integrating them into your operations is crucial. That includes evaluating their security policies, compliance with industry standards, and past security performance.
- Implement Access Control and Segmentation
Limit third-party vendors' access to only what is necessary for their role. Use network segmentation and strict access controls to ensure that your vendors do not have access to the entire network or sensitive data beyond their specific tasks.
- Review Contractual Agreements and Compliance
Ensure that all your contracts with third-party vendors include stringent security requirements. These agreements should also mandate regular security audits and compliance checks to enforce adherence to security protocols.
- Include Vendors in Incident Response Plans
Include third-party vendors in your incident response planning. Establish clear protocols for handling third-party breaches, including notification procedures and responsibilities.
3. Don’t Put All Your Eggs in One Basket
Earlier, we asked you to look at your critical systems and ask yourself if you had a plan B. If you don’t, now is the time to start developing your contingency plans, redundancies and parallel systems. Ideally, these systems would already be in place, but if you don’t have them yet, there is still time to work out a plan B today.
This will ensure that you are prepared for prolonged outages, such as those experienced by CDK system users.
4. Invest in Your Cybersecurity
It’s safe to say that CDK Global is not having a great time dealing with this incident. According to reports, the company had to pay a ransom of $25 million to resolve the breach. Worse, it will cost them millions more just to recover, because they still have frustrated customers and possible legal issues to contend with. The truth is, there’s no scenario where CDK Global gets out of the situation unscathed.
That’s why the best way to deal with a cyber-attack is to prevent it altogether. To do that, you will need to prioritize your cybersecurity and invest in it. Seek out cybersecurity partners who can help you find the right tools, enforce best practices and provide security training for your team.
Remember, implementing advanced cybersecurity measures isn't cheap. But it’s just a fraction of the cost of suffering a major data breach.
Ready to Bolster Your Cybersecurity Against Ransomware Attacks?
The CDK Global hack serves as a painful lesson, not just for the automotive industry, but for all sectors. It highlights the value of having alternative operational plans in case of similar incidents, as well as how important it is to invest in robust cybersecurity measures. Once you understand these lessons, you can better protect yourself against future cyber threats and ensure resilience against potential disruptions.
ITS is a cybersecurity services provider that has helped hundreds of businesses build robust cybersecurity against all kinds of threats, including ransomware. If you need help bolstering your cyber defenses, schedule a free security assessment with our experts.