CDK Ransomware Attacks – A Lesson you need to learn from.

If you don’t know, I’ll fill you in. CDK Global Systems is the leading Software platform for over 15,000 car dealerships. On June 19th, 2024 – their systems went offline due to a cyber incident, a ransomware attack.

The importance of this attack are the following points I want to address, and it should be a lesson for all businesses:

• Supply Chain Attacks
• Incident and Disaster Recovery Planning.

Supply Chain Attacks

What are supply chain attacks? Most people believe supply chains are related to manufacturing, warehousing, or logistics. Every business has a supply chain, and every company is part of it.

Let me explain: Your business makes a product or delivers a service. You have vendors who help you do that, and you have clients to whom you provide those services or products. Simply put, that is your supply chain.

Even if you only communicate with your vendors or clients through emails, there is still a potential threat.

Here is how that might work: Your vendor’s system has been compromised. The criminals get into their email system and send you an email that contains malicious code. Since it is your vendor, you trust the source and open the email. You inadvertently download the malicious Software, which now affects your systems. Through this malicious code, they can get into your email system. The criminals send malicious emails, but now they are sent to your customers and other vendors. Since these people know you, they trust the email and open it.

It’s a simplistic example, but you get the point. Without proper checkpoints and verifications, we allow other businesses’ security decisions to become yours.

Relying on Software Vendors and Platforms Security System

Discussing cybersecurity can seem overwhelming. We discuss risks and vulnerabilities. I have spoken to prospects who commonly say well, XYZ software says they have good security, so we don’t need anything. The misconception is that because they don’t keep anything local, and the software vendor says they have adequate protection, they don’t need anything.

The problem with this thinking is that it’s just plain wrong. There is just no better way of saying this. Until we become enslaved by robots, humans remain the weakest link in the security chain.

• They click on the wrong emails and send sensitive information over unencrypted methods.
• Store sensitive information on local computers because they either downloaded it or scanned it to their computer to upload but forgot to delete that item from the computer.

Incident Response and Disaster Recovery Planning

It’s not just about what they can get from you, although it is why they have come in the first place. It’s about the disruption they can cause to your business. It can even be your reputation that suffers.

We can’t avoid every incident or disaster but can plan how to respond. With the help of your executive team or department heads, conduct a CyberSWOT on your business.

• Strengths: Operationally and financially, where do you stand if you were to be a victim of a cybercrime (directly or indirectly)? How could you weather the storm?
• Weaknesses: Determine what your risks and vulnerabilities are. Where could you be a victim? Are you using one piece of Software that runs your entire business? What does that look like if it’s down?
• Opportunities: What is in your universe that you have control over? What improvements can you make that might help you?
• Threats: What things influence your universe that you don’t have control over but are critical to your operations?

Understanding your weaknesses can help you plan how to respond in an emergency.

If we bring this back to the CDK ransomware attack, the auto dealership that ran its entire business on the CDK platform. Performing a CyberSWOT or a Business Impact Analysis would have revealed a considerable weakness and threat to your business.

This revelation would have allowed you to prepare contingencies, an incident response plan to deal with the outage, and a disaster recovery plan to help return to normal operations. You could have quickly established the tools and policies to operate your business “offline.”

Conversely, you may have decided to make different business decisions, like diversifying your software platforms or determining whether a redundant system that runs in parallel with your current solution is possible.

One thing can be certain: you cannot make any decisions without understanding your risks and vulnerabilities.

Next Steps

Underdog Cyber Defense is an IT Service Provider that specializes in Cybersecurity. We offer a Business Impact Analysis or our CyberSWOT, which helps you identify your “hidden risks” and vulnerabilities. We help you find those blind spots and provide recommendations for you to implement yourself. Address them with your current IT provider, or we can manage them for you.