If your business’s software unexpectedly went down because of a cyber-attack and you had no idea when it would be fixed, what would you do? We’re talking about the software that is used to close deals and pay employees. Could you continue doing business? How much money would you lose?
In June 2024, this nightmare happened to over 15,000 US- and Canada-based car dealerships. Two cyber-attacks occurred on the popular industry software provider, CDK Global. This attack shut down the sales, financing and payroll systems for thousands of dealers, forcing them to either stop business or revert to the stone age pen-and-paper method.
Let this incident be a wake-up call for all business owners, large and small … Robust cybersecurity measures are important in preventing cyber-attacks.
What happened in this cyber-attack?
The initial action took place on a Tuesday. Once it was detected, CDK Global immediately took corrective action and brought all systems offline to investigate. It was back up and running again the following day, until a second hit occurred. And, back offline they went. It may have been that systems were brought back online too soon, before all compromised areas were discovered, that allowed the second attack to happen. Cybersecurity experts are saying it could be weeks before the system is back to being fully operational.
In today’s business world, we rely on digital systems. While the manual pen-and-paper method are still valid for some transactions, it’s a lot slower. Critical parts of the business process, such as completing transactions, managing payroll and interacting with financial institutions, can come to a standstill. This means that until all systems are “go” – back online – many businesses cannot be fully operational, leading to potential financial losses.
So, What’s Next?
CDK Global didn’t disclose the exact cause of the attack. Their cybersecurity team will need to meticulously review to determine exactly what was compromised and to find the entry point. It’s difficult for companies to learn the details about cyber-attacks. They may not be able to determine the extent of an attack’s network penetration when there are multiple points of vulnerability. Businesses need to take a hard look at their systems. Will they be prepared to continue doing business if and when this happens again?
Do you have a Business Recovery and Continuity Plan (BRCP)?
If you don’t have a Business Recovery and Continuity Plan (BRCP) in place, you’re putting yourself at risk. Maybe you already have one. If you do, ask yourself if it is high-quality, tested often and able to handle a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to do something about it.
We can help your business by:
- Analyzing your network for vulnerabilities. This will show you if and where an attack can occur. We can then discuss what the steps would be, including solutions to mitigate any risk.
- Determining what continuity or recovery plan makes sense for your organization. Cybersecurity is an essential and necessary element of doing business. But, even the most robust security solutions are not 100% foolproof. This means you must have a plan to bounce back and continue doing business if something should happen to your network or to a third-party piece of software you rely on, like CDK.
Fortify your business online and protect its data by calling our sibling company, Fortifi Cyber Security at 888-500-9111 or schedule a consultation with them today. They can help with penetration testing, cybersecurity consulting, managed security services, event mitigation and more. For all your IT needs, including creating a business continuity plan so you can continue to run if you should experience a breach, call Atlantic Technology Services at 410-860-9899 or click here to schedule a consultation.