If your business’s software unexpectedly went down because of a cyber-attack and you had no idea when it would be fixed, what would you do? We’re talking about the software that is used to close deals and pay employees. Could you continue doing business? How much money would you lose?
In June of this year, this nightmare happened to over 15,000 US- and Canada-based car dealerships when two cyber-attacks occurred on the popular industry software provider, CDK Global. This software cyber-attack shut down the sales, financing and payroll systems for thousands of dealers, forcing them to either stop business or revert to the stone age pen-and-paper method.
Let this incident be a wake-up call for all business owners, large and small … Robust cybersecurity measures are important.
What Happened in this cyber-attack?
On Tuesday, June 18, the initial action took place. Once it was detected, CDK Global immediately took corrective action and brought all systems offline to investigate. It was back up and running again the following day, until a second hit occurred. And, back offline they went. It could have been that systems were brought back online too soon, before all compromised areas were discovered and that’s what allowed the second attack to happen. Cybersecurity experts are saying it could be weeks before the system is back to being fully operational.
In today’s business world, we rely on digital systems. And, while the manual pen-and-paper method are still valid for some transactions, it’s a lot slower. Critical parts of the business process, such as completing transactions, managing payroll and interacting with financial institutions, can come to a standstill. This means that until all systems are “go” – back online – many businesses cannot be fully operational, leading to potential financial losses.
So, What’s Next?
CDK Global didn’t disclose the exact cause of the attack. Their cybersecurity team will need to meticulously review every area of the business to determine exactly what was compromised and to find the entry point. It’s difficult for companies to learn the details about cyber-attacks because they may not be able to determine the extent of an attack’s network penetration when there are multiple points of vulnerability. Businesses need to take a hard look at their systems. Will they be prepared to continue doing business if and when this happens again?
Do you have a business recovery and continuity plan should a cyber-attack attack you?
If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. Maybe you already have one — ask yourself if it is high-quality, tested often and able to handle a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to do something about it.
We can help your business by:
- Analyzing your network for vulnerabilities. This will show you if and where an attack can occur. We can then discuss what the steps would be, including solutions to mitigate any risk.
- We’ll help you determine what continuity or recovery plan makes sense for your organization. Cybersecurity is an essential and necessary element of doing business, but even the most robust security solutions are not 100% foolproof. This means you must have a plan to bounce back and continue doing business if something should happen to your network or to a third-party piece of software you rely on, like CDK.
Get started fortifying your business online and protecting its data by calling Fortifi Cyber Security at 888-500-9111 or schedule a consultation today. We can help with penetration testing, cybersecurity consulting, managed security services, event mitigation and more. For all your IT needs, including creating a business continuity plan so your business can continue to run if you should experience a breach, call our sibling company, Atlantic Technology Services, at 410-860-9899 or click here to schedule a consultation.