Back to all insights

CDK Ransomware Attacks – A Lesson you need to learn from.

Picture of Carmine J. Corridore

Carmine J. Corridore

Carmine Corridore is a seasoned professional in the I.T. industry with over 30 years of experience. He has held various positions from field tech, team lead, service manager, project manager, and Director of I.T. Currently, he serves as the Client Facing Chief Strategy Officer and President of Underdog Cyber Defense. Carmine is a Rotarian and serves on the local chamber board and several committees. Carmine believes in giving back to the community, and he accomplishes that through donations and sourcing local talent and goods. Carmine is Credentialed and Certified in Cybersecurity.

Book a 15 Minute Strategy Session

If you don’t know, I’ll fill you in. CDK Global Systems is the leading Software platform for over 15,000 car dealerships. On June 19th, 2024 – their systems went offline due to a cyber incident, a ransomware attack.

The importance of this attack are the following points I want to address, and it should be a lesson for all businesses:

  • Supply Chain Attacks
  • Incident and Disaster Recovery Planning.

Supply Chain Attacks

What are supply chain attacks? Most people believe supply chains are related to manufacturing, warehousing, or logistics. Every business has a supply chain, and every company is part of it.

Let me explain: Your business makes a product or delivers a service. You have vendors who help you do that, and you have clients to whom you provide those services or products. Simply put, that is your supply chain.

Even if you only communicate with your vendors or clients through emails, there is still a potential threat.

Here is how that might work: Your vendor’s system has been compromised. The criminals get into their email system and send you an email that contains malicious code. Since it is your vendor, you trust the source and open the email. You inadvertently download the malicious Software, which now affects your systems. Through this malicious code, they can get into your email system. The criminals send malicious emails, but now they are sent to your customers and other vendors. Since these people know you, they trust the email and open it.

It’s a simplistic example, but you get the point. Without proper checkpoints and verifications, we allow other businesses’ security decisions to become yours.

Relying on Software Vendors and Platforms Security System

Discussing cybersecurity can seem overwhelming. We discuss risks and vulnerabilities. I have spoken to prospects who commonly say well, XYZ software says they have good security, so we don’t need anything. The misconception is that because they don’t keep anything local, and the software vendor says they have adequate protection, they don’t need anything.

The problem with this thinking is that it’s just plain wrong. There is just no better way of saying this. Until we become enslaved by robots, humans remain the weakest link in the security chain.

  • They click on the wrong emails and send sensitive information over unencrypted methods.
  • Store sensitive information on local computers because they either downloaded it or scanned it to their computer to upload but forgot to delete that item from the computer.

Incident Response and Disaster Recovery Planning

It’s not just about what they can get from you, although it is why they have come in the first place. It’s about the disruption they can cause to your business. It can even be your reputation that suffers.

We can’t avoid every incident or disaster but can plan how to respond. With the help of your executive team or department heads, conduct a CyberSWOT on your business.

  • Strengths: Operationally and financially, where do you stand if you were to be a victim of a cybercrime (directly or indirectly)? How could you weather the storm?
  • Weaknesses: Determine what your risks and vulnerabilities are. Where could you be a victim? Are you using one piece of Software that runs your entire business?What does that look like if it’s down?
  • Opportunities: What is in your universe that you have control over? What improvements can you make that might help you?
  • Threats: What things influence your universe that you don’t have control over but are critical to your operations?

Understanding your weaknesses can help you plan how to respond in an emergency.

If we bring this back to the CDK ransomware attack, the auto dealership that ran its entire business on the CDK platform. Performing a cyberSWOT or a Business Impact Analysis would have revealed a considerable weakness and threat to your business.

This revelation would have allowed you to prepare contingencies, an incident response plan to deal with the outage, and a disaster recovery plan to help return to normal operations. You could have quickly established the tools and policies to operate your business “offline.”

Conversely, you may have decided to make different business decisions, like diversifying your software platforms or determining whether a redundant system that runs in parallel with your current solution is possible.

One thing can be certain: you cannot make any decisions without understanding your risks and vulnerabilities.

Next Steps

Underdog Cyber Defense is an IT Service Provider that specializes in Cybersecurity. We offer a Business Impact Analysis or our CyberSWOT, which helps you identify your “hidden risks” and vulnerabilities. We help you find those blind spots and provide recommendations for you to implement yourself. Address them with your current IT provider, or we can manage them for you.

author avatar
Carmine Corridore
See Full Bio

Monroe County, Pennsylvania (PA)

Analomink – Appenzell – Arlington Heights – Arrowhead Lake – Barton Glen – Bartonsville – Blakeslee – Blakeslee Estates – Blue Mountain Pines – Bossardsville – Brainerd Center – Briar Crest Woods – Brodheadsville – Buck Hill Falls – Camelot Forest – Canadensis – Castle Garden – Castle Rock Acres – Chestnuthill Township – Coolbaugh – Coolbaugh Township – Coveville – Craigs Meadow – Crescent Lake – Cresco – Delaware Water Gap – Dotters Corners – East Stroudsburg – East Swiftwater – Easton Anglers – Echo Lake – Effort – El-Do Lake – Eldred Township – Emerald Lakes – Fernridge – Fiddletown – Forest Glen – Foxtown Hill – Frutchey – Gilbert – Gravel Place – Hamilton Square – Hamilton Township – Henryville – Indian Mountain Lake – Jackson – Jackson Township – Jonas – Kahkhout Mountain – Kellersville – Kemmererville – Kingswood Estates – Kresgeville – Kunkletown – Lake Naomi Estates – Little Summit – Locust Lakes Village – Long Pond – Lower Tannersville – Marshalls Creek – McIlhaney – McMichael – Mechanicsville – Meisertown – Merwinsburg – Middle Smithfield Township – Minisink Hills – Monroe Lake – Monroe Township – Mount Pocono – Mount Zion – Mountain Top Estates – Mountainhome – Mushroom Farms – Neola – North Water Gap – Oak Grove – Paradise Crossing – Paradise Township – Paradise Valley – Parkside – Penn Estates – Pleasant Valley Estates – Pleasant View Lake – Pocono Country Place – Pocono Farms East – Pocono Heights – Pocono Lake – Pocono Laurel Lake – Pocono Manor – Pocono Pines – Pocono Playhouse – Pocono Summit – Pocono Summit Estates – Pocono Township – Polk Township – Poplar Bridge – Pocono Township – Price Township – Preserve – Red Ledge Manor Estates – Reeders – Resica Falls – Robin Hood Lakes – Ross Common – Ross Township – Rossland – Sandhill – Saylorsburg – Sciota – Scotrun – Shawnee on Delaware – Shoemakers – Sierra View – Ski Haven Lake Estates – Skytop – Smith Gap – Smithfield Township – Snow Hill Falls – Snydersville – Spruce Hill – Stillwater Lake Estates – Stillwater Lakes – Stormville – Stroud Township – Stroudsburg – Sun Valley – Swiftwater – Tannersville – Tobyhanna – Tobyhanna Township – Tunkhannock Township – Turn Villa – Wagners – Wagners Forest Park – Warnertown – Weir Lake – Wigwam Lake Estates – Wilderness Acres – Winona Lakes – Wiscasset – Wooddale.

Lehigh Valley, Pennsylvania (PA)

Alburtis – Allen Junction – Alton Park – Allentown – Ancient Oaks – Arlington Knolls – Balliettsville – Best Station – Bethlehem – Bittners Corner – Breinigsville – Bungalow Park – Catasauqua – Cedarbrook County Home – Cementon – Center Valley – Centreville – Chapman – Chestnut Hill – Claussville – Coffeetown – Colesville – Coplay – Corning – Crackersport – Custer – DeSales University – Dewey Heights – Diebertsville – Dillingerville – Dorneyville – East Allentown – East Fogelsville – East Texas – Egypt – Emerald – Emmaus – Emmaus Junction – Evergreen Park – Farmington – Fogelsville – Fountain Hill – Friedens – Friedensville – Fullerton – Gauff Hill – Germansville – Greenawalds – Griesemersville – Guth – Guthsville – Haafsville – Haines – Hanover Acres – Hawktown – Helfrichsville – Hensingersville – Hillside – Hilltown – Hokendauqua – Home Park – Hosensack – Hynemansville – Ironton – Jacksonville – Jordan Valley – Juniper Circle – Kaywin – Kernsville – Krassdale – Krocksville – Kuhnsville – Lanark – Laurys Station – Leather Corner Post – Lehigh Furnace – Lehigh Gap – Limeport – Litzenberg – Lochland – Lockridge – Locust Valley – Lynnport – Lynnville – Lyon Valley – Macungie – Mechanicsville – Metamora Station – Meyersville – Mickleys – Mickleys Gardens – Midway Manor – Milford Park – Minesite – Mosserville – Mountainville – Neffs – New Smithville – New Tripoli – Newhard – Newside – Newtown – North Coplay – North Fogelsville – Notre Dame Hills – Old Zionsville – Orefield – Ormrod – Overlook Springs – Park Way Manor – Parkside Courts – Peters Store – Pleasant Corners – Powder Valley – Raberts Corner – Raubs Mills – Rextown – Rising Sun – Ritterville – River View – Rockdale – Rosemont Terrace – Ruchsville – Ruppsville – Saegersville – Saucon Valley – Saucon Valley Terrace – Scheidy – Scherersville – Schnecksville – Schneidersville – Seiberlingville – Seiple – Seipstown – Shankweilers – Shimerville – Sigmund – Slateville – Slatedale – Slatington – Spring Creek – Steinsville – Sterlingworth – Stetlersville – Stiles – Stines Corner – Summit Lawn – Switzer – Trexlertown – Trout Creek – Unionville – Vera Cruz – Vera Cruz Station – Walbert – Waldheim Park – Wanamakers – Weidasville – Weilersville – Weisenberg – Wellington – Welshtown – Wennersville – Werleys Corner – Wescosville – West Catasauqua – Westwood Heights – Wilbur – Williamstown – Woodlawn – Zionsville

more insights

Book a 15-Minute Strategy Session!

Are you ready to take the next step toward your business’s cyber security? Contact us today with any questions you might have or to request a no-hassle strategy session — we’re ready to fight for you!

Facebook Twitter Youtube Linkedin
Join Our Newsletter!

This site is protected by reCAPTCHA and the Google
Privacy Policy and Terms of Service apply.

Copyright © 2023 Underdog Computer and Network Support | All Rights Reserved.
Webite Design by Rosler Website Design

New Look. New Name. New Focus.

Underdog Cyber Defense, formerly know as Underdog Computer and Network Solutions LLC., has rebranded to communicate that we are now focusing our exceptional IT and network capabilities on the vast challenges associated with Cyber Security.