
How to avoid a CDK-style cyber attack that shuts down your dealership

Diversifying your portfolio makes a lot of sense, but what is the tax on that?
DMSs want a tax so that other vendors can access the data via API.
Then you also need to pay attention to how fast other vendors can match changes to the data structure that your primary is doing.

I would like to see diversity in this field because it clearly opens up the ability for competition.
Depending upon the vendor, the tax can be pretty big. It largely depends upon the product lineup of a given vendor.

It would be really nice if everyone would just get along for the good of the industry rather than trying to trap clients by not respecting the dealer's philosophy as it relates to vendor choices. But, that isn't the world we live in...for now.

Here's a new business idea for someone OTHER than me. Build a "connector platform" similar to Zapier that is geared toward Automotive. Build a connector application that does nothing but link Company A products to Company B products. Any conversions that need to be made will happen in the connector, and voila...we are seamlessly sharing data! Ha!! Good luck getting anyone to come to the table for that!
 
Reactions: Carsten
About 6 months ago I considered Zapier solutions. But when you have a DMS wanting $CASH per month to access their API and pay to "get set up", I just couldn't figure out how this would make money.

Today though ... I might have made a ton of cash these past 2 weeks.
 
Reactions: Tallcool1
I think CDK might be in serious trouble, might be time to start such an entity....

Takeaways

  • Len Bellavia explained that his law firm initiated an antitrust lawsuit against CDK Global and Reynolds & Reynolds about seven years ago. The lawsuit was driven by dealer complaints regarding inflated costs and restricted access to their own data. The claim suggests that CDK and Reynolds colluded to eliminate competition, causing financial harm to dealers.
  • Bellavia highlighted that CDK’s defense in the antitrust case was the necessity of high fees for building a robust cybersecurity platform. However, the recent cyber-attack raises questions about the effectiveness and allocation of those funds. Dealers have expressed frustration over high costs without apparent corresponding security benefits.
  • In the aftermath of the cyber-attack, Bellavia advised dealers to avoid rushing into legal actions against CDK. He emphasized the importance of focusing on immediate operational challenges, such as managing payroll and sales tax remittances. Bellavia also noted that while dealers have sustained damages, it is premature to determine liability and seek legal redress without concrete evidence.
 
I used to work for CDK on the digital side (formerly Cobalt Group). Then it became Sincro, now Ansira. I can tell you the digital side was pretty buttoned up code-wise. All solid engineering practices. I can't speak for DMS and whatnot, but I'm pretty confident this wasn't reckless engineering. The "smell" to me sounds like social engineering.

With some other attacks I've heard about, I think a lot of these attacks in the future are going to be social engineering exploits. I already know of a few that utilize LinkedIn to pose as members of different accounting teams to update routing numbers, invoices, etc. With AI tools, it's going to make it easier and cheaper. I think I even heard of someone using an AI-generated team member on a Zoom call.
 
Reactions: Ryan Everson