Imagine the software your organization relies on to finalize deals and process payroll suddenly goes offline, with no clear timeline for restoration. What would you do? Could your business continue to operate? How much revenue would you lose? Unfortunately, this scenario became a reality for over 15,000 car dealerships across the US and Canada in June, when two cyber-attacks hit the industry software provider CDK Global.
These attacks crippled the sales, financing, and payroll systems of thousands of dealerships, forcing them to either halt their operations or revert to manual, pen-and-paper methods. This incident serves as a critical reminder for small business owners about the necessity of robust cybersecurity measures.
What Happened?
The first attack struck on the evening of Tuesday, June 18. Upon detection, CDK Global took immediate action by taking the entire system offline for investigation. Although the system was restored the following day, a second attack occurred, necessitating another shutdown. It is believed the system was brought back online too soon, before all vulnerabilities were identified, leading to the second breach. Cybersecurity experts indicate it could take weeks for the system to be fully operational again.
While some businesses managed to switch to manual processes, this incident underscores the risks associated with digital dependency. In our increasingly digital world, where most transactions are completed with a few clicks, significant disruptions occur when systems fail. Essential business functions like completing transactions, managing payroll, and interacting with financial institutions can grind to a halt. Until systems are restored, many operations remain incomplete, causing delays and potential financial losses. Business owners understand that a sale isn't final until the payment clears the bank.
So, What's Next?
CDK Global has not disclosed the exact cause of the attack. Whether this is intentional or due to ongoing uncertainty remains unclear. Their security team must thoroughly investigate every aspect of the business to identify the compromised areas. Large companies often struggle to accurately assess the full extent of cyber-attacks on the first review, especially if multiple vulnerabilities exist.
In the meantime, businesses need to critically evaluate their systems for sales and operational continuity. Are they prepared to continue operations if this happens again?
This incident should act as a wake-up call for all business leaders. If you lack a business recovery and continuity plan, you're exposing yourself to significant risk. And if you do have a plan, you need to ensure it is comprehensive, regularly tested, and capable of handling large-scale attacks that disable multiple operational systems. If the answer is no, it's time to take action.
We offer a FREE consultation that will accomplish two crucial objectives:
- We will analyze your network for vulnerabilities. This assessment will identify potential attack points and provide solutions to mitigate these risks, helping you avoid becoming the next cyber-attack victim.
- We will help you formulate a continuity or recovery plan tailored to your organization. While cybersecurity is essential, no solution is entirely foolproof. Therefore, you must have a plan to recover and continue operations if your network or a third-party software, like CDK, is compromised.
To get started, call our office at 914-923-0161 or click here to book your
FREE consult now.