August 26, 2024
Imagine the software your organization relies on to finalize deals and process payroll suddenly went offline, with no clear timeline for restoration. What steps would you take? Could your business operations continue? How much financial loss would you incur? This unfortunate scenario became a reality for over 15,000 car dealerships in the US and Canada in June when two cyber-attacks targeted CDK Global, a leading industry software provider.
The attacks crippled the sales, financing, and payroll systems of thousands of dealerships, forcing them to either halt operations or revert to manual, pen-and-paper methods. This incident underscores the critical need for robust cybersecurity measures for all small business owners.
What Happened?
The first attack struck on the evening of Tuesday, June 18. In response, CDK Global took immediate action, bringing the entire system offline to investigate. Although services were restored the following day, a second attack necessitated another shutdown. It is believed that the system was brought back online too soon, before all vulnerabilities were addressed, leading to the second breach. Cybersecurity experts suggest it could take weeks before the system is fully operational again.
While some businesses managed to switch to manual processes, the incident highlights the risks associated with dependence on digital systems. In our increasingly digital world, where transactions are often just a few clicks away, system outages can cause significant disruptions. Critical business functions, such as transaction completion, payroll management, and financial interactions, can grind to a halt. Until systems are restored, many business operations remain incomplete, causing delays and potential financial losses. Every business owner knows that a sale isn't finalized until the payment clears the bank.
What's Next?
CDK Global has not disclosed the exact cause of the attack, leaving it unclear whether this is due to ongoing investigations or intentional non-disclosure. Their security team will need to conduct a thorough review to determine the extent of the compromise. Large companies often struggle to fully understand the scope of cyber-attacks after an initial review, particularly if multiple vulnerabilities exist.
In the meantime, businesses should critically evaluate their systems for sales and operational continuity. Are they prepared to continue operations if a similar incident occurs?
This incident should serve as a wake-up call for all business leaders. If you lack a business recovery and continuity plan, you are exposing yourself to significant risk. And if you do have a plan, you must ensure it is high-quality, regularly tested, and capable of handling large-scale attacks that disable multiple operational systems. If the answer is no, immediate action is required.
To get started, call our office at 802-331-1900 or click here to book your
FREE Discovery Call now.