Sound Bites
"CDK Global faced a massive IT outage due to a ransomware attack"
"CDK was hit by a second ransomware attack"
"The outage meant that dealerships couldn't process sales"
Chapters
00:00 Introduction: CDK Global and the Ransomware Attack
01:31 Impact on Car Dealerships and Operations
04:28 Disruptions Across the Automotive Industry
06:24 Impact on Customers and Consumer Experience
08:17 CDK Global's Response and Customer Feedback
09:45 Lessons Learned: Cybersecurity and Vendor Risk
11:13 Conclusion and Call to Action
Topics: today's cyber flash point, cyber flash point, cyber crime, how to take action against cyber crime, cyber security risks from saas platforms, CDK Global, dealer management systems, ransomware attack, IT outage, manual processes, Black Suit ransomware gang, how to understand all the recent data breaches, how to digest all the recent data breaches, how to digest recent data breaches, recent data breaches, how to digest recent cyber crime, how to take action against cyber crime, cyber security risks from saas platforms, customer satisfaction, transparency, communication, cybersecurity measures, third-party vendors, Ransomware Attack on CDK Global,
Takeaways
- Ransomware attacks can have a devastating impact on businesses, disrupting operations and forcing them to resort to manual processes.
- The CDK Global incident highlights the importance of robust cybersecurity measures and incident response plans.
- Effective communication and transparency during a cyber attack are crucial to maintaining customer satisfaction.
- The incident also underscores the risks associated with relying on a single SaaS platform and the need for stringent cybersecurity standards for third-party vendors.
In today's cyber flash point, we show you how to digest recent data breaches and how to take action against cyber crime
Have you ever wondered how a single cyberattack can cripple an entire industry? Or how businesses can recover from such a devastating blow? Ever realize the cyber security risks from saas platforms?
Why This Matters to Business Leaders
The CDK Global cyberattack is a stark reminder of the vulnerabilities inherent in digital infrastructure. For business leaders, several critical lessons emerge:
- Robust Cybersecurity Measures: It underscores the importance of investing in comprehensive cybersecurity defenses. Businesses must continually update and test their security protocols to protect against evolving threats.
- Rapid Response and Recovery Plans: The incident highlights the necessity of having well-defined incident response and disaster recovery plans. Companies should ensure these plans are regularly updated and rehearsed to minimize downtime and operational impact.
- Communication and Transparency: Effective communication during a crisis is crucial. CDK Global faced criticism for not sharing enough information promptly with their customers. Transparent communication can help manage customer expectations and maintain trust during such incidents.
- Vendor and Supply Chain Risks: The attack also illustrates the risks associated with third-party vendors. Businesses need to assess and mitigate these risks, ensuring their partners also adhere to stringent cybersecurity standards.
D. Mauro (00:04.02)
Welcome everybody and welcome to CYBER FLASH POINTS So in today's CYBER FLASH POINT we're going to show you how to digest recent data breaches and how to take action against cybercrime. Have you ever wondered how a single cyber attack can cripple an entire industry or how businesses can recover from such a devastating blow? Ever realized the cybersecurity risks from SaaS platforms? So
Today we're going to dive into the story of CDK Global. I'm sure you've seen it in the news. It's a leading provider of dealer management systems. They're called DMS, dealer management systems. And they're relied on by the CDK Global's dealer management system is relied on by car dealerships across North America. Well, recently, CDK Global faced a massive IT outage due to a ransomware attack.
It disrupted operations for thousands of car dealerships across North America. The story isn't just about the attack, but it's also about the resilience and determination of how to overcome such a crisis. CDK Global is known for a comprehensive SaaS platform. It provides applications essential for sales, financing, inventory management, and customer service. With these systems offline,
dealerships were thrust into chaos, reverting to manual processes just to keep their doors open. Reports emerged of dealerships using spreadsheets and posted notes like it was the freaking 1980s, just to manage daily tasks, which are usually handled by the SaaS platform. Started on June 18th, June 18th, CDK Global
their world was turned upside down. It was a ransomware attack later identified as the work of the infamous black suit ransomware gang. I'll even play an effect for you. Black suit, black suit ransomware gang. You're welcome. And it struck them hard. It forced CDK to shut down their IT systems and their data centers. I mean, imagine the chaos that dealers were suddenly thrust.
D. Mauro (02:31.381)
back in the era of pen and paper, unable to process sales, unable to process financing, unable to process service operations. In the CDK Global's DMS system is used by tens of thousands of car dealerships in North America. The attack left the dealerships in a lurch. Buyers couldn't purchase cars. Those needing service for existing cars were left waiting.
And then the situation worsened the next day, when during the restoration process of the cyber attack, CDK was hit by a second attack. You're welcome. I'm just trying to make it interesting for you. But they were hit by a second ransomware attack, that relentless wave of attacks, not only delayed recovery, but also spread panic and uncertainty across the entire
auto industry. The the true extent kind of began to reveal itself just as they were beginning their incident response and their restoration in the evening of June 19th. Remember the first attack happened on June 18th. That's when the second attack occurred, forcing them once again to shut down their systems.
to prevent further damage. It led to significant disruptions across the board. It affected over 15 identified car dealerships and all of them were reliant on CDK's dealer management system for their daily operations. It once again stopped all sales processing, all financing processing and all service operations, all of it coming to a complete standstill.
Major players in the automobile industry, such as Penske Automotive Group and Sonic Automotive, were among the hardest hit. These companies disclosed in SEC filings that their operations had been significantly disrupted. Penske's premier truck group, which relies heavily on the systems, had to implement business continuity plans and revert to manual processes. Sonic Automotive
D. Mauro (04:56.629)
reported similar struggles indicating that all of their dealerships were using workarounds in order to minimize the disruptions. Dealership employees described a scene of confusion and frustration. On certain social media blog platforms, workers shared stories of being left without nothing to do. Several of them were reporting being sent home because the systems they depended on were down. And essential tasks like
tracking and ordering of car parts, processing new sales and managing customer relations were all in disarray. One employee mentioned how they were forced to manage everything with pen and paper using Post -it notes in a method that they had not seen in the industry for decades. The perpetrators were the Black Suit Ransomware Gang. For those that follow, they stemmed, they're essentially a rebrand of the Royal Ransomware Gang.
The gang's origins actually trace back to the original Conti cybercrime syndicate notorious for pretty sophisticated cyber attacks worldwide and with ties to the Russian Federation of the Russian government. The attack on CDK Global was no exception to this. Black Suit, the infiltrated CDK systems, forcing this company into negotiations to obtain that
decrypt key and prevent the leaked data from causing further damage. The cyber tech though didn't just affect dealerships. It had a profound impact on us, the consumers, on car buyers and owners. Customers looking to buy new vehicles or service existing ones were met with apologies and delays. And with the entire process of buying a car,
from inventory checks, availability to financing, all of that being handled by CDK's platform, the outage meant that dealerships couldn't process sales. Service delivery and service departments were also equally hit with delays in parts delivery and repair services due to the systems being down. The disruption extended beyond
D. Mauro (07:21.781)
the immediate business operations, the inability to service vehicles promptly or complete sales, it affected customer satisfaction. And long term, we will all see what it did to dealer reputations. The automotive industry, which heavily relies on timely and efficient service, it faces now potential long term repercussions due to this.
Despite the challenges, CDK adopted a phased approach to restoring and they anticipate that it will all be done by today, the day of this recording, which is July 3rd. They anticipate all dealer connections will be back live. So please leave us a comment, let us know what you're seeing. You know, some people, CDK is getting mixed reviews. They're saying,
that the determination efforts of CDK in responding and addressing to major ransomware tax are to be commended. And it sounds like they should be. The other side is there's a lot of customer complaints that are out there about not being transparent enough and not communicating or over communicating during a time of crisis with their customers. This gets into that
you know, handling business crisis and methods of communication. And they can take a lesson from PR firms who really handle crisis interventions like this quite well. In the end, what we think of and what this story kind of revolves around is it's a stark reminder that every time we get online, we enter their
Right? Clearly to have robust cybersecurity measures, to have those incident response plans with the rehearsals, right? Actually simulate through tabletop exercises. That really leads to a swift recovery and it's the difference between a long standing recovery and a delayed one. And then also addressing.
D. Mauro (09:45.813)
the communication along the way. It's great that they had a very good phased approach and that they were addressing it right away. The downside is the impression from the customers is that they weren't communicated with enough. And in the end, whether they feel they were communicating with them enough or not, it's really about what the customers hear and how the customers feel. And so we can all draw a lesson here from that.
And it also highlights, you know, our take on this is it also highlights not just the communication and transparency challenge, but vendor supply and supply chain risk, because that's what this is, right? The attack, it illustrates the risks that are associated with third party vendors, right? Businesses relying entirely on one single SaaS platform. They have to...
begin to ensure that their partners adhere to strict and stringent cybersecurity standards. So we hope that you enjoyed the cyber flash point. You know, we're, we're trying to shorten some of these up so that you can find out and kind of, you know, figure out how to digest some of the recent breaches that are in the news and so that you can figure out how to take action against cyber crime. So
Thank you for listening. Check out our next episode and do us a favor if you enjoy our podcast, two things that we really, really need in the next few months. And that is subscribe to our YouTube channel. It's free. We're not going to spam you or email you or sell your data. And please leave us a positive review on the podcast platform that you use. If it's Spotify, leave us a review. If it's Apple Podcast,
please leave us a five star review, make a comment. We want to know what we're doing well. And if you got a problem with anything that we're providing, shoot us a text directly. We will respond. We're very open and adaptable. So thank you for listening. Thanks for being a cybercrime junkie.
