Has CDK Global’s IT Incident Affected Your Organization?


July 01, 2024


Key insights

CDK Global’s June 18 North American IT outage impacted its dealer management system.

Dealerships should immediately implement business continuity and incident response procedures to help mitigate cyber incidents.

Remain vigilant against social engineering attacks and review system logs for abnormal activity.

Don’t let cyber criminals catch your dealership off guard.

Contact Us

CDK’s June 18 North American IT outage impacted its dealer management system, which dealerships use to complete deals, register vehicles, handle accounting transactions, provide payroll services, integrate with a wide variety of websites and third-party affiliates, and more.

What should my dealership do?

  • Make your staff aware of this threat and remain diligent to help prevent falling victim to social engineering attacks.
  • Review system logs and security events to look for abnormal activity.
  • Evaluate the security of your external perimeter. An apparent spike in unauthorized login attempts on dealership systems may or may not be related to this incident, but it’s always a good time to review security controls for your systems and data. Make sure you have strong passwords, and that all remote access requires multi-factor authentication.
  • Inform your insurance carrier. Cybersecurity coverage generally has a requirement to timely inform the carrier of the cyber incident, and there may be a possible claim for damages incurred.
  • Dealers should also closely monitor all banking activity and timely investigate and report any unusual activity.

How can I mitigate cyber incidents?

There is no way to eliminate all cyber risks. However, you can establish many mitigating controls to help lessen the likelihood and impact of an incident.

  • Complete regular internal and external penetration testing and vulnerability scanning on your network.
  • Formalize configuration standards and patch management procedures.
  • Formalize your dealership’s vendor due diligence procedures.
  • Test your backups to understand the potential impact a ransomware incident could have on your network. Backups should be immutable or offline.
  • Complete incident response tabletop exercises and require incident response training for relevant staff and stakeholders.
  • Verify your intrusion detection and prevention system is alerting on any suspicious events.
  • Regularly validate firewall rules are not overly permissive.
  • Formalize your dealership’s:
    • Business continuity plan
    • Disaster recovery plan
    • Incident response plan

By this point, if you are a customer of CDK, you have likely implemented continuity procedures to continue your operations and serve your customers. After the dust settles, you may want to take this opportunity to work with a cybersecurity advisor who can help you update and bolster your defenses.


David Anderson

David Anderson

Principal, Digital – Cybersecurity

Experience the CLA Promise

Sign up to receive custom information and insights delivered straight to your inbox.