A recent cyberattack on CDK Global disrupted operations across North America, forcing car dealerships to rely on manual processes. As CDK works to restore its IT systems, sales, inventory management, and customer service have been significantly impacted. Business leaders in the automotive industry should closely monitor the situation and assess their own cybersecurity measures to prevent similar disruptions.

CDK Global, which serves 15,000 car dealerships in North America, actually faced a double cyberattack by the same perpetrators.

In summary, what is known so far:

Source: Bloomberg
  1. Nature of the Attack:
    • Ransomware: The attack disrupted operations across North America, forcing car dealerships to revert to manual processes. CDK Global’s IT systems and data centers were compromised, impacting critical functions such as sales, inventory management, and customer service.
    • BlackSuit Gang: The threat actors responsible for this attack are the BlackSuit ransomware gang. They demanded a significant ransom to prevent the leak of stolen data.
  2. Business Impacts and Costs:
    • Sales Disruption: Car dealerships couldn’t process auto repairs and new car sales efficiently due to the system outage.
    • Inventory Challenges: Inventory management was affected, potentially leading to delays and inefficiencies.
    • Customer Service Impact: Customer inquiries and support services were disrupted.
    • Financial Costs: While the exact financial impact isn’t specified, such disruptions can result in significant losses for both CDK Global and the dealerships.
  3. Victim’s Response and Mistakes:
    • CDK Global is negotiating with the attackers to obtain a decryptor and prevent data leaks.
    • However, the fact that they were compromised twice indicates potential mistakes in their initial cyber response.
    • Supply Chain Risk: The attack highlights the risk posed by specialized vendors. CDK Global’s reliance on third-party software providers makes them vulnerable to supply chain cyberattacks.

CDK Global’s experience underscores the importance of robust cybersecurity practices, supply chain risk management, and swift incident response. Business stakeholders in the automotive sector should learn from this incident and enhance their defenses against ransomware threats.