how to avoid a CDK style cyber attack that shuts down your dealership

First and foremost, Dealers have no say in what CDK does about their Cyber Security or anything else for that matter, except through purchasing decisions. Dealers have to make sure that they are protected and need to have processes and programs in place to protect them against any loss due to an uncontrollable breach from a third party, i.e. CDK, and this third party could be any one of the many platforms that Dealers employ. Dealers need to be implementing a phishing campaign, which will be more prevalent now after the breach; run vulnerability scans; follow up on the information provided by the scan, not just assume that the scan is enough (we must remediate); and conduct regular physical audits so that the trail sets the dealer up for an "Affirmative Defense" should anything happen. We just need to be as prepared as possible because this will not be the last one of these.
 
The "cyber attack" has become mainstream news as dealerships struggle to operate.

What steps can be taken to avoid being at the mercy of a CDK style takedown?

Would it make sense to run two competing systems side by side so that WHEN one gets attacked the other will work?

Is there a business opportunity here, or an opportunity to provide consulting services?

Vendors, dealers, others... what is your take on this?
While my big-picture answer to this question is "let's talk about how implementing a master data management plan will protect you as much as humanly possible," here are 7 more tactical answers to your question:

  1. Implement Multi-Layered Security
    • Adopt a comprehensive cybersecurity strategy that includes prevention, protection, and response capabilities
    • Use firewalls, antivirus software, and intrusion detection systems
  2. Regular Software Updates and Patch Management
    • Ensure all systems and software are regularly updated to address known vulnerabilities
  3. Employee Training and Awareness
    • Educate staff about phishing attacks and other social engineering tactics (it is quite possible that the CDK hack started within a dealership somewhere)
    • Implement strict password policies and multi-factor authentication
  4. Data Backup and Recovery Plans
    • Maintain regular, secure backups of critical data
    • Develop and test disaster recovery plans to ensure quick restoration of services
  5. Third-Party Risk Management
    • Carefully vet software providers and other vendors for their security practices
    • Consider using multiple providers to avoid single points of failure
  6. Network Segmentation
    • Isolate critical systems and limit access to sensitive data
  7. Incident Response Planning
    • Develop and regularly update an incident response plan
    • Conduct tabletop exercises to practice responding to potential cyberattacks
 
Those are great solutions! Basically companies need to do this or pay a company to do it for them.

But let's consider something.
I have been to dealerships that make their sales folks buy their own drinks from vending machines. Others, they provide a coffee maker.

How big would a dealership need to be to afford at least 1 FT IT security specialist and can afford to pay for 3rd services and training?

1. In a way, I can see Chromebooks as great tools to assist in securing your company; data gets stored on the cloud.
2. Then put a major focus on phishing and social engineering prevention.
3. If possible, provide cell phones for all staff to be used while at work and prevent all personal phones from being used.
 
Nothing is perfect, and it really comes down to how solid your disaster recovery plan is.

Should you switch platforms? Maybe, depending on your situation. Build your own system? Definitely not. Go back to old methods? No way.

Keep backups and don’t rely on just one backup; have multiple. If you have your data and CDK goes under, you’re covered (with the exception of downtime, but without your data... there is no recovery). You can move to another platform and import your data without losing too much time.