Has CDK Global’s IT Incident Affected Your Organization?
Key insights
CDK Global’s June 18 North American IT outage impacted its dealer management system.
Dealerships should immediately implement business continuity and incident response procedures to help mitigate cyber incidents.
Remain vigilant against social engineering attacks and review system logs for abnormal activity.
Don’t let cyber criminals catch your dealership off guard.
CDK’s June 18 North American IT outage impacted its dealer management system, which dealerships use to complete deals, register vehicles, handle accounting transactions, provide payroll services, integrate with a wide variety of websites and third-party affiliates, and more.
What should my dealership do?
- Make your staff aware of this threat and remain diligent to help prevent falling victim to social engineering attacks.
- Review system logs and security events to look for abnormal activity.
- Evaluate the security of your external perimeter. An apparent spike in unauthorized login attempts on dealership systems may or may not be related to this incident, but it’s always a good time to review security controls for your systems and data. Make sure you have strong passwords, and that all remote access requires multi-factor authentication.
- Inform your insurance carrier. Cybersecurity coverage generally has a requirement to timely inform the carrier of the cyber incident, and there may be a possible claim for damages incurred.
- Dealers should also closely monitor all banking activity and timely investigate and report any unusual activity.
How can I mitigate cyber incidents?
There is no way to eliminate all cyber risks. However, you can establish many mitigating controls to help lessen the likelihood and impact of an incident.
- Complete regular internal and external penetration testing and vulnerability scanning on your network.
- Formalize configuration standards and patch management procedures.
- Formalize your dealership’s vendor due diligence procedures.
- Test your backups to understand the potential impact a ransomware incident could have on your network. Backups should be immutable or offline.
- Complete incident response tabletop exercises and require incident response training for relevant staff and stakeholders.
- Verify your intrusion detection and prevention system is alerting on any suspicious events.
- Regularly validate firewall rules are not overly permissive.
- Formalize your dealership’s:
- Business continuity plan
- Disaster recovery plan
- Incident response plan
By this point, if you are a customer of CDK, you have likely implemented continuity procedures to continue your operations and serve your customers. After the dust settles, you may want to take this opportunity to work with a cybersecurity advisor who can help you update and bolster your defenses.
How we can help
CLA’s digital cybersecurity group offers penetration testing, vulnerability scanning, and can help with business continuity, disaster recovery, and incident response planning, as well as assessing your current IT security environment and identifying mitigating actions you should take.
Testing your plans is also crucial. CLA offers incident response tabletop exercises specific to ransomware to help prepare your organization in the event of a cyber incident. Additionally, CLA professionals within our Valuation, Forensics, Litigation & Investigations (VFLI) group can shed light on current and future risk areas and growth opportunities.
Tags
Connect
David Anderson
Principal, Digital – Cybersecurity
Experience the CLA Promise
Sign up to receive custom information and insights delivered straight to your inbox.