CDK Hack: Understanding the Impact and How to Protect Your Business

By: Pawel Pikul

On June 19th, a cyberattack targeted CDK Global, a core software provider for auto dealerships, causing widespread disruption. CDK Global provides essential dealer management software (DMS) that dealerships use for everything from sales and service to payroll. This attack, identified as a ransomware event by the hackers known as BlackSuit, has rendered CDK’s DMS inoperative for thousands of dealerships globally. CDK acknowledged the ransom demand and has been working to restore its systems, a process expected to take several days, impacting operations into July.

The cyberattack has forced some 15,000 car dealerships to revert to manual processes, including using pen and paper to manage transactions. This has significantly delayed sales, financing, and customer service operations. The inability to access banking and financing systems has created a backlog and customer dissatisfaction. Some dealerships have reported severe operational impacts, while others not reliant on CDK’s software have continued business without interruption.

The attack highlights the growing threat of ransomware, which targets businesses of all sizes. It’s a stark reminder that no industry or organization is immune from cyber threats, and the impact can be devastating.

Be Careful of Impersonation Attacks

In the wake of this attack, it is crucial for businesses to be vigilant against further cyber threats. Hackers often exploit the chaos of such events to launch additional attacks, including phishing (fraudulent emails), vishing (fraudulent phone calls), and smishing (fraudulent text messages). Here’s what to watch out for:

  • Phishing: Hackers may send emails posing as CDK, asking for sensitive information or prompting you to click on malicious links. Always verify the sender’s email address and avoid clicking on links from unknown sources.
  • Vishing: Be wary of phone calls from individuals claiming to be CDK representatives. Verify their identity by contacting CDK through official channels before sharing any information.
  • Smishing: Fraudulent text messages can also appear legitimate. Treat any unexpected texts with caution and verify their authenticity.

It is imperative to verify any communication purportedly from CDK before taking any action. Do not click on unfamiliar emails, provide information over the phone, or follow prompts from unexpected texts without thorough verification.

What You Need to Know as a Small Business

The impact of a cyberattack can be devastating for small businesses. Here’s how to deal with the aftermath:

  • Assess the Damage: Determine the extent of the breach. Identify which systems and data have been compromised.
  • Communicate: Inform your employees, customers, and stakeholders about the breach. Transparency can help maintain trust.
  • Restore Operations: Utilize any available backups to restore your systems. If backups are unavailable, consider alternative ways to continue business operations, such as manual processes.
  • Legal and Compliance: Understand your legal obligations, including notifying affected individuals and reporting the breach to authorities.

Everyone’s now thinking about cybersecurity. Are your systems protected? What if this happens again? Even if you’re not using CDK, similar concerns may arise with other software.

Steps to Take Right Now

For businesses affected by the CDK hack, immediate steps include:

  • Contact CDK: Stay updated with the latest information from CDK regarding the status of the system restoration.
  • Review Security Protocols: Evaluate your current cybersecurity measures and identify areas for improvement.
  • Educate Employees: Ensure your employees are aware of the potential threats and know how to respond to phishing, vishing, and smishing attempts.
  • Implement Immediate Safeguards: Strengthen your cybersecurity posture by implementing additional security measures, such as EDR and MFA.

Security-Wide Best Practices

Cyber threats are constantly evolving, and businesses of all sizes must stay proactive in their defense strategies. By adhering to industry standards and continuously improving your security posture, you can protect your sensitive data and ensure the integrity of your operations. Here are some essential best practices that every organization should adopt to safeguard against cyber threats:

  • Regular Vulnerability Assessments: Conduct regular vulnerability assessments and penetration tests to identify and address potential weaknesses in your systems.
  • Endpoint Detection and Response (EDR): Utilize EDR solutions to monitor and respond to threats in real-time. EDR provides advanced threat detection and response capabilities.
  • Multi-Factor Authentication (MFA): Implement MFA for all accounts. This adds an extra layer of security by requiring additional verification steps beyond just a password.
  • Network Security: Ensure your network is secure with firewalls, intrusion prevention systems (IPS), and secure DNS filtering.
  • Professional Audits: Hire cybersecurity professionals, like Vertilocity, to conduct thorough security audits and assessments. A second opinion can provide valuable insights and uncover overlooked vulnerabilities.
  • Comprehensive Backup Solutions: Invest in robust backup solutions that include offsite and cloud backups. Regularly test these backups to ensure they can be restored quickly in case of an incident.
  • Disaster Recovery Plan: Develop a detailed disaster recovery plan that includes steps to take in various scenarios, from cyberattacks to natural disasters.
    To learn even more about best practices, read my colleague Chris Bowman’s article “Protect Your Business from Cyberattacks: Cybersecurity Best Practices.”

Enhancing Employee Awareness and Network Protection

Security awareness training for all employees and robust network protection measures are crucial components of any cybersecurity strategy. Employees often serve as the first line of defense against cyber threats, making their awareness and preparedness essential. Here’s how to ensure your team and systems are fortified against potential attacks:

  1. Regular Security Awareness Training: Conduct regular training sessions to educate employees on recognizing and responding to cyber threats. Focus on reinforcing the information about phishing, vishing, and smishing already discussed. Ensure training is interactive, with real-world simulations, and assess understanding periodically to identify areas needing further emphasis. I provide more detailed information on employee training in “Guarding Your Business: The Vital Role Of Employee Training And Awareness In Cybersecurity.”
  2. Comprehensive Patch Management: Ensuring that all software systems are up-to-date with the latest patches is vital. Cybercriminals often exploit known vulnerabilities in software to gain access to systems. Establish a routine schedule for:
    • Updating Software: Apply patches and updates as soon as they are released by vendors.
    • Monitoring Systems: Regularly check for new vulnerabilities and update systems accordingly.
  3. Proper Firewall Configuration: Firewalls act as a barrier between your internal network and potential threats from the outside world. To maximize their effectiveness:
    • Intrusion Prevention Systems (IPS): Ensure firewalls are configured with IPS to detect and prevent unauthorized access attempts.
    • Regular Reviews: Periodically review firewall settings and policies to adapt to new threats and changes in the network environment.
  4. Enhanced Email and DNS Protections: Email and DNS protections are critical for preventing email-borne threats. Implement the following measures:
    • Email Filtering: Use advanced email filtering solutions to detect and block malicious emails.
    • DNS Security: Deploy DNS security measures to prevent access to malicious websites and protect against DNS-based attacks.
  5. Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to provide two or more verification factors to gain access to accounts. This significantly reduces the risk of unauthorized access:
    • Mandatory Implementation: Enforce MFA across all accounts, especially for sensitive systems and data.
    • User Education: Ensure users understand the importance of MFA and how to use it effectively.

By combining regular security awareness training with stringent network protection measures, you can create a robust defense against cyber threats. Employees who are well-informed and vigilant, coupled with a secure network infrastructure, form the backbone of a resilient cybersecurity strategy.

Preparing for Future Attacks
Whether your business has been hacked or not, preparation is key to mitigating the impact of future cyber threats. Remember, it’s not a matter of if but when a cyberattack might occur. Here’s a comprehensive approach to enhancing your cybersecurity readiness:

  • Regular Backups: Regularly back up your data and store it in multiple locations, including offsite and in the cloud. Ensure backups are tested and can be restored quickly.
  • Perform a Security Audit: Conduct an internal audit to assess your current security posture. Identify gaps and areas for improvement.
  • Incident Response Plan: Develop and regularly update an incident response plan. This plan should outline steps to take during a cyberattack, including communication strategies, roles and responsibilities, and recovery procedures.
  • Employee Training: Conduct regular cybersecurity training sessions for employees.
  • Software Updates: Keep all software and systems updated with the latest security patches. Regular updates can prevent vulnerabilities that hackers exploit.
  • Implement Strong Security Measures: Utilize EDR solutions to monitor and respond to threats in real-time. Implement MFA for all accounts and ensure your network is secure with firewalls, IPS, and secure DNS filtering. There are almost too many additional steps to take here to mention. These are just a few samples of what you can start doing now.

Vertilocity can help by running network and security assessments to provide a comprehensive report on how well your systems are protected, what’s missing, and how to improve your security. We offer a full stack of managed services and co-managed options to assist and oversee your network, providing robust security solutions and knowledge.

The CDK hack is a wake-up call for all businesses. Cybersecurity should be paramount for every organization, especially in our interconnected world. It doesn’t have to be cost-prohibitive; by working with cybersecurity experts, small businesses can achieve robust protection. At Vertilocity, we specialize in helping small and mid-size businesses enhance their cybersecurity posture. Contact us at to ensure your business is protected against future threats. Let us help you navigate the complex landscape of cybersecurity with confidence and peace of mind.