The cyberattack on CDK Global, a cornerstone of the automotive industry’s software infrastructure, continues to cast a long shadow over North American car dealerships. Launched on June 19th, the attack forced CDK to shut down critical systems, bringing sales, service, and overall dealership operations to a screeching halt. While CDK has initiated recovery efforts, dealerships are still struggling to regain normalcy, with many resorting to manual processes in a desperate attempt to keep business afloat. This incident serves as a stark reminder of the heightened cybersecurity risks lurking within the automotive industry, particularly for dealerships that have become increasingly reliant on digital tools for day-to-day operations.

The Looming Shadow of Ransomware: Customer Data Security Concerns

As the initial shock subsides, unsettling details are emerging. Reports suggest the attack may have been a ransomware event, raising significant concerns about the security of sensitive customer data. CBS News reports that CDK is negotiating a ransom demand in the tens of millions of dollars with the attackers. This development adds another layer of complexity to the situation. If the attack compromised customer data, such as names, addresses, Social Security numbers, or credit card information, the consequences could be severe, potentially leading to identity theft and financial fraud.

A Call for Transparency: The National Automobile Dealers Association and Beyond

The scope of the attack remains shrouded in uncertainty. Details on the attackers’ identity, motives, and the extent of a potential data breach are still unknown. This lack of transparency has understandably caused anxiety among dealerships seeking answers. The National Automobile Dealers Association (NADA) has rightfully stepped up, demanding more information from CDK. Both dealerships and potentially affected customers deserve clear and concise communication regarding the attack’s nature, potential data security impact, and the steps being taken to address the situation.

A Cybersecurity Wake-Up Call: Strengthening Defenses in the Automotive Industry

The CDK attack serves as a stark reminder of the evolving cybersecurity threats facing the automotive industry. As dealerships become increasingly reliant on digital tools for managing sales, inventory, service, and customer data, their vulnerability to cyberattacks also rises. While we do not know the details of this attack yet, this incident underscores the need for robust cybersecurity measures within dealerships, including:

  • Regular Software Updates: Maintaining up-to-date software on all devices and systems is crucial for patching known vulnerabilities that attackers can exploit.
  • Vulnerability Assessments: Regularly scanning systems for vulnerabilities allows dealerships to identify and address potential weaknesses before they can be weaponized by attackers.
  • Employee Training: Educating employees on data security best practices, including phishing awareness and password hygiene, is essential for creating a human firewall against social engineering attacks.
  • Cyber Resilience and Recovery Planning: Developing comprehensive strategies and protocols is essential for ensuring a dealership’s ability to withstand and swiftly recover from cyberattacks. These plans encompass proactive measures for risk assessment, threat detection, and mitigation, as well as procedures for responding to incidents, restoring critical operations, and minimizing downtime.

Proactive data protection is no longer optional but a critical business necessity in today’s digital landscape.

Looking Ahead: Transparency, Recovery, and Collective Action

The coming days will be crucial in determining the full impact of the attack and the path forward for CDK and the dealerships they serve. Prioritizing clear communication with dealerships and potentially affected customers is essential for CDK. This includes providing regular updates on:

  • The restoration process 
  • The status of ransom negotiations (if applicable)
  • Any ongoing investigations 

Rebuilding trust takes time, and transparency will be key in that process. Beyond immediate recovery efforts, the automotive industry as a whole needs to prioritize cybersecurity. This attack is likely just one instance of a growing trend. Industry leaders, software providers like CDK, and individual dealerships all need to collaborate on implementing comprehensive cybersecurity strategies that can withstand increasingly sophisticated cyberattacks. Ultimately, the goal should be to prevent similar disruptions in the future and protect the sensitive data entrusted to them by their customers.

However, the responsibility doesn’t end there. Law enforcement agencies need to work alongside cybersecurity experts to investigate the attack, identify the perpetrators, and bring them to justice. This collaborative effort will send a strong message to potential attackers, deterring future attempts and creating a safer digital environment for the entire automotive industry. The CDK attack may have brought dealerships to their knees, but it can also catalyze positive change, prompting a collective effort to fortify the industry’s cybersecurity defenses and protect customer data.

By: Chad Barr – Director of Governance, Risk & Compliance – CISSP | CCSP | CISA | CDPSE | QSA

Reach out to learn how AccessIT Group’s Ransomware Preparedness Services can protect your organization and minimize the impact from this type of attack.

Chad is the Director of Governance, Risk and Compliance for the Risk Advisory Service practice at AccessIT Group (AITG). He is an experienced Information Security Leader with an extensive background in Security Engineering, Project Management, Business, and Compliance. Through his many years of experience, he has established knowledge with respect to governance, regulatory, and compliance frameworks such as CIS, NIST, ISO2700X, and PCI-DSS. He has multi-disciplinary expertise and experience in domains such as application security, security operations, cybersecurity monitoring, vulnerability management, incident management/response, identity and access management, compliance, and cloud infrastructure.
