Key insights
- CDK Global’s June 18 North American IT outage impacted its dealer management system.
- Dealerships should immediately implement business continuity and incident response procedures to help mitigate cyber incidents.
- Remain vigilant against social engineering attacks and review system logs for abnormal activity.
CDK’s June 18 North American IT outage impacted its dealer management system, which dealerships use to complete deals, register vehicles, handle accounting transactions, provide payroll services, integrate with a wide variety of websites and third-party affiliates, and more.
What should my dealership do?
- Make your staff aware of this threat and remain vigilant to avoid falling victim to social engineering attacks.
- Review system logs and security events to look for abnormal activity.
- Evaluate the security of your external perimeter. An apparent spike in unauthorized login attempts on dealership systems may or may not be related to this incident, but it’s always a good time to review security controls for your systems and data. Make sure you have strong passwords, and that all remote access requires multi-factor authentication.
- Inform your insurance carrier. Cybersecurity coverage generally requires you to notify the carrier of a cyber incident in a timely manner, and there may be a possible claim for damages incurred.
- Closely monitor all banking activity, and promptly investigate and report any unusual activity.
How can I mitigate cyber incidents?
There is no way to eliminate all cyber risks. However, you can establish many mitigating controls to help lessen the likelihood and impact of an incident.
- Complete regular internal and external penetration testing and vulnerability scanning on your network.
- Formalize configuration standards and patch management procedures.
- Formalize your dealership’s vendor due diligence procedures.
- Test your backups to understand the potential impact a ransomware incident could have on your network. Backups should be immutable or offline.
- Complete incident response tabletop exercises and require incident response training for relevant staff and stakeholders.
- Verify your intrusion detection and prevention system is alerting on any suspicious events.
- Regularly validate firewall rules are not overly permissive.
- Formalize your dealership’s:
  - Business continuity plan
  - Disaster recovery plan
  - Incident response plan
By this point, if you are a customer of CDK, you have likely implemented continuity procedures to continue your operations and serve your customers. After the dust settles, you may want to take this opportunity to work with a cybersecurity advisor who can help you update and bolster your defenses.
How CLA digital services can help financial institutions
A digital strategic plan for financial institutions is invaluable for driving growth in the digital age. CLA can help your financial institution adapt to industry shifts and prepare for the challenges of the future with a talented, insightful team that understands the ins and outs of the financial services industry.
CLA’s digital services team can help you develop strategies to leverage trends, overcome challenges, and innovate for the future.
Get started at GoDigital.CLAconnect.com
The information contained herein is for informational purposes only, general in nature and is not intended, and should not be construed, as legal, accounting, investment, or tax advice or opinion provided by CliftonLarsonAllen LLP (CLA) to the reader. Your use of the information does not create a client or any other contractual relationship between you and CLA. ©️2024 CliftonLarsonAllen LLP. For more information, visit godigital.CLAconnect.com. CLA (CliftonLarsonAllen LLP) is an independent network member of CLA Global. See CLAglobal.com/disclaimer.
Connect
David Anderson
Principal, Digital – Cybersecurity