Imagine if the software your company relies on for closing deals and processing payroll unexpectedly went down, and you had no idea when it would be fixed. What would you do? Could you continue doing business? How much money would you potentially lose? This unfortunate scenario became a reality in June for more than 15,000 automobile dealerships across the US and Canada when CDK Global, a popular industry software provider, was hit by two cyber-attacks.

These attacks shut down the sales, financing, and payroll systems for thousands of dealers, forcing them to either cease operations or revert to manual pen-and-paper method. This incident should be a wake-up call for all small business owners, highlighting the importance of robust cybersecurity measures.

What Happened?

The first attack occurred on the evening of Tuesday, June 18. Once it was detected, CDK Global immediately took the correct action by bringing the entire system offline to investigate the issue. Although operations resumed the following day, a second attack forced the company to shut down the system again. It’s believed the system was brought back online prematurely, before all compromised areas were discovered, resulting in a second attack. Cybersecurity experts estimate that it could take several weeks for the system to be fully operational again.

While some businesses managed to revert to manual processes, this incident highlights the vulnerabilities that come with relying on digital systems. In our ever-advancing digital world, where most transactions are a couple of clicks away, significant issues arise when systems go offline. Critical parts of the business process, such as completing transactions, managing payroll, and interacting with financial institutions, can come to a standstill. This means that until the systems are back online, many business operations cannot be fully completed, leading to delays and potential financial losses. Business owners understand that a sale isn’t complete until the check clears the bank!

So, What’s Next?

CDK Global has not disclosed the specific cause of the cyber-attacks. Whether this is intentional or due to ongoing investigations remains unknown. Their security team will need to meticulously examine every area of the business to determine what was compromised. It’s often difficult for large companies to get the details about cyber-attacks 100% correct after the first review because they may not be able to determine the extent of an attack’s network penetration if there are multiple points of vulnerability.

In the meantime, businesses need to take a hard look at their systems for selling and operational continuity. Will they be prepared to continue operations if this happens again?

This incident should serve as a wake-up call for all business leaders. Without a solid business recovery and continuity plan in place, you are exposing yourself to significant risk. And if you do have one, you need to ask yourself if it is high-quality, regularly tested, and capable of handling a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to take action.

We’ll do a FREE Security Risk Assessment that will achieve two important things:

1. Network Vulnerabilities Analysis:
We’ll analyze your network for vulnerabilities. This assessment will show you if and where an attack can occur, and we’ll offer solutions to patch it so you’re not actively setting yourself up to be the next cyber-attack victim.

2. Continuity and Recovery Planning:
We’ll help you determine what continuity or recovery plan makes sense for your organization. Cybersecurity is an essential and necessary element of doing business, but even the most robust security solutions are not 100% foolproof. This means you must have a plan to bounce back and continue doing business if something should happen to your network or to a third-party piece of software you rely on, like CDK.

To get started, call our office at 847-906-5005 or click here to book your FREE Security Risk Assessment now.