Imagine that the software your organization relies on to finalize deals and process payroll suddenly went offline, with no clear timeline for restoration. What steps would you take? Could your business continue operating? How much revenue would you lose? Unfortunately, this scenario became a reality for over 15,000 car dealerships in the US and Canada in June, when two cyber-attacks targeted the widely-used industry software provider CDK Global.
These cyber-attacks crippled the sales, financing, and payroll systems of thousands of dealerships, forcing them to either halt operations or revert to manual, pen-and-paper methods. This incident serves as a stark reminder for all small business owners about the critical importance of robust cybersecurity measures.
What Happened?
The first attack struck on the evening of Tuesday, June 18. Upon detection, CDK Global promptly took the system offline to investigate. Although the system was restored the following day, a second attack occurred, necessitating another shutdown. It appears the system may have been reactivated prematurely, before all vulnerabilities were identified, leading to the subsequent breach. Cybersecurity experts indicate it could take weeks for the system to become fully operational again.
While some businesses managed to switch to manual processes, the incident underscores the risks associated with heavy reliance on digital systems. In today's digital age, where most transactions are just a few clicks away, significant disruptions occur when systems go offline. Essential business functions, such as transaction completion, payroll management, and financial institution interactions, can grind to a halt. Until systems are restored, many business operations face delays and potential financial losses. Business owners understand that a sale is not complete until the payment clears the bank!
So, What's Next?
CDK Global has not disclosed the exact cause of the attack, leaving it unclear whether this is due to intent or ongoing uncertainty. Their security team must thoroughly investigate every aspect of the business to pinpoint the compromised areas. Large companies often struggle to fully understand the scope of cyber-attacks after initial reviews, as multiple vulnerabilities can complicate the assessment.
In the meantime, businesses should critically evaluate their systems for sales and operational continuity. Are they prepared to continue operations if and when such disruptions occur again?
This incident should be a wake-up call for all business leaders. If your organization lacks a business recovery and continuity plan, you are exposing yourself to significant risk. Even if you have a plan, you must ensure it is high-quality, regularly tested, and capable of handling large-scale attacks that disable multiple operational systems. If your current plan falls short, it's time to take action.
Our Offer
We offer a FREE consultation that will accomplish two crucial objectives:
- Network Vulnerability Analysis: We'll assess your network for potential vulnerabilities, identifying where attacks could occur and providing solutions to mitigate these risks, helping you avoid becoming the next cyber-attack victim.
- Continuity and Recovery Planning: We'll assist you in developing a continuity or recovery plan tailored to your organization. While robust cybersecurity is essential, no solution is entirely foolproof. Therefore, having a plan to quickly recover and continue operations in the event of a network or third-party software breach, like the CDK incident, is vital.
Don't wait for a crisis to strike. Ensure your business is prepared to withstand and recover from cyber-attacks.
To get started, call our office at 410-535-4332 or click here to book your
FREE consult now.
