In June 2024, CDK Global, a major provider of software solutions for car dealerships, experienced a significant cyberattack. This attack severely disrupted operations for thousands of car dealerships across North America, highlighting the vulnerabilities in the automotive sector’s reliance on software as a service (SaaS) platforms.
The immediate impact
The attack, identified as a ransomware incident, forced CDK Global to shut down its IT systems to prevent further spread of the attack. This action left car dealerships unable to access critical systems used for customer relationship management (CRM), financing, payroll, inventory management, and other back-office operations​. Dealerships had to revert to manual processes, significantly hampering their ability to conduct sales, manage inventory, and perform services.
Financial repercussions
The financial impact of the CDK cyberattack was substantial. Major automotive groups, including AutoNation and Sonic Automotive, reported significant losses due to the IT disruptions. AutoNation indicated that the outage negatively affected an otherwise strong quarter, while Sonic Automotive estimated a financial hit of approximately $30 million. Economic consultants from Anderson Economic Group estimated that franchised dealerships collectively lost over $1 billion in revenue due to the attack​.
Response and recovery
CDK Global’s response involved shutting down most of its systems and working on restoring operations while ensuring security. The recovery process extended into July, with some functionalities still experiencing disruptions. The company advised its clients to disconnect their always-on VPNs to prevent potential further breaches through their internal networks.
Lessons Learned and Tips for Businesses
The CDK cyberattack underscores the importance of robust cybersecurity measures. Here are three essential tips for businesses to better protect themselves against such attacks:
- Implement Multi-Factor Authentication (MFA)
- Ensure that all critical systems and applications use MFA to add an extra layer of security. This reduces the risk of unauthorized access even if credentials are compromised.
- Regularly Backup and Test Recovery Plans
- Maintain regular backups of all critical data and test recovery procedures frequently. This ensures that in the event of an attack, data can be quickly restored without paying ransoms or suffering prolonged downtimes.
- Employee Training and Awareness such as the Cybersecurity.vision masterclass
- Conduct regular cybersecurity training for employees to recognize phishing attempts and other common attack vectors. Awareness can significantly reduce the likelihood of successful breaches caused by human error.
By learning from incidents like the CDK cyberattack, businesses can strengthen their defenses and mitigate the risks associated with cyber threats.
Sources: BleepingComputer and Enterprise Technology News
What Cybersecurity.vision offers
For more information on how we can help your organization, visit our services offerings at Cybersecurity.vision.