CDK Outage: New Vehicle Sales Take Estimated 2-7% Hit After Massive Cyberattack
Could you afford a 2-7% drop in your top-line revenue? That's what experts estimate for new vehicle sales nationwide in June 2024 following a massive cyberattack against CDK Global, a dealership software company. This attack sent the automotive industry reeling as dealerships scrambled to make transactions without the provider's critical services.
Hackers took hold of the company’s network, demanding millions to give back access to the crucial services that thousands of dealerships rely on.
The hacking group has been identified as Blacksuit Ransomware, which was also responsible for several attacks across the country.
What is Blacksuit Ransomware?
Blacksuit Ransomware is a cybercriminal group that has claimed responsibility for attacks against several Georgia public schools, Indiana college DePauw University, a zoo in Florida, and now, CDK. Experts theorize that this group is a rebranded version of the infamous Russian hacking group Conti.
They operate by stealing data and holding it for ransom while demanding large payments in return for not posting it to the dark web.
How Many Businesses Were Affected?
As a result of this attack, nearly 15,000 automotive businesses across the country found themselves struggling to complete transactions such as:
- Vehicle registration
- Sales
- Financing
- Insuring vehicles
- Repairs & maintenance
These dealerships largely had to switch to handwritten forms for these business operations, since the software company shut down services following the attack out of caution. System restoration took several days, shutting down operations and likely causing a drop in sales.
These dealerships relied heavily on CDK's software, and customers suffered too. Without access to this software to streamline operations, buyers and clients had to wait in long queues to purchase vehicles, get vehicles registered, transfer titles, and more.
Will There Be Lasting Damage From This Attack?
The impact of this attack was felt directly in lost sales and in opportunities missed because of longer wait times, but there were other consequences too. Reputational damage from frustrated customers will likely reverberate for years to come, hurting affected businesses in the long term.
According to J.D. Power and GlobalData, sales of new vehicles were estimated to drop 2.6-7.2% YOY for the month of June. Experts attribute this drop to outages from cyberattacks, which led to disruptions in reporting from old-school sales tracking and, for some, a halt in operations altogether.
In addition, transactions tracked via handwritten forms created a large backlog of information that will need to be manually entered once systems are up and running again. Because of this, it will take a long time for dealerships to recover from the disruption and mess caused by the lack of digitized services.
On top of this damage to dealerships, the destruction of CDK’s reputation will likely take years to rebuild after this devastating attack.
Auto Dealership Compliance & The FTC Safeguards Rule
As dealers know, dealerships are technically considered "financial institutions" because they are considered "finders". Thus, the Federal Trade Commission (FTC) Safeguards Rule, which applies to financial businesses to ensure they use the right cybersecurity protections for customer data, covers them as well.
Because of the sensitive data dealerships handle, cybersecurity is no longer an optional investment. The attack on CDK Global and the damage to the automotive industry are not unique, as cybercriminals hack businesses that have the most to lose from breaches.
Because of this, along with the FTC Safeguards Rule, many dealerships have moved to hiring managed IT companies to ensure they are in compliance and protecting sensitive data.
How Dealerships Can Mitigate Cyber Threats
There are many steps automotive businesses can take to protect sensitive data and mitigate the risk of network breaches. Preparing ahead of time by investing in solid tools and practices is much less arduous than recovering from an attack. Some steps you can take to secure your business include:
- Implementing MFA and regularly checking to ensure it is in place
- Using and checking data backups
- Encrypting sensitive data
- Ensuring staff use strong passwords and change them regularly
- Educating staff on online safety and phishing threats
Cyber Insurance
When you’re considering different risk factors for your business, it’s important to consider your cyber insurance policy and what it covers. It’s highly advisable to invest in a cyber insurance policy, since cyber insurers can help you handle a breach as well as alleviate some of the associated costs.
Cyber insurance companies will have experts on hand to assist you with things like:
- Ransomware negotiation
- Legal troubles
- Public relations & outreach
- Breach investigation & remediation
Cyber insurance policies should include coverage for both first-party and third-party expenses. First-party expenses are internal expenses associated with breach notification, investigation, or paying off extortionists. Third-party expenses refer to external liabilities, like lawsuits from your clients or partners whose data was leaked through the breach.
To read about the limitations you may run into with cyber insurance, read our article: What Does Cyber Insurance Not Cover?
Evaluating the Risk of Outside Vendors
One major element to consider when securing your business is the level of protection your third-party vendors have in place. Since most businesses rely heavily on services like those provided by CDK, you must ask your vendors what their cybersecurity protections look like.
If the vendor in question is unable to answer this question, it is a safer bet to choose a different provider to partner with. The attack on CDK is a great example of what can go wrong if a third-party vendor falls victim to a cyberattack, leaving their clients without essential services and thus hurting their businesses.
Find a Dealership Cybersecurity Provider
Your dealership security is everything in the digital age. Finding a managed service provider (MSP) with experience working with automotive dealerships is a must. This way, they can assist you with compliance and the added security needed to protect sensitive data.