A cyberattack targeting CDK Global, a prominent provider of cloud-based software solutions to the automotive industry, threw operations into turmoil at numerous car dealerships across the United States. In response, CDK Global took swift action, shutting down most of its systems as a precautionary measure to safeguard customer security.
Lisa Finney, spokesperson for CDK Global, emphasized that the decision to suspend operations was driven by an abundance of caution. The company successfully restored essential services such as its core document management system and digital retailing solutions. However, comprehensive testing and restoration efforts were ongoing for other affected applications, with updates promised as services were gradually brought back online.
CDK Global’s software is pivotal in supporting dealership operations, encompassing critical functions like vehicle acquisitions, sales, financing, insurance, and maintenance. Despite the company’s robust “three-tiered cybersecurity strategy” aimed at prevention, protection, and response to cyber threats, the recent attack underscored vulnerabilities inherent in the automotive sector.
This incident mirrors a troubling trend of cyber threats targeting car dealerships. A week before the attack, Findlay Automotive Group reported a similar attack that disrupted operations across five states, underscoring the pervasive risks facing the industry. Reports from the Las Vegas Review-Journal highlighted the escalating frequency of such incidents and their potential to inflict substantial financial and operational setbacks on affected businesses.
According to a 2023 survey by CDK, 17% of surveyed dealerships experienced cyber incidents in the previous year, reflecting a rise from 15% in the preceding year. Nearly half of these incidents resulted in negative financial or operational impacts, exposing the extensive vulnerability of car dealerships that handle sensitive customer data such as credit applications and financial information.
The appeal of targeting dealerships lies in their interconnected systems and often inadequate cybersecurity defenses. Many dealerships lack fundamental protections, making them susceptible to sophisticated cyber threats. Zurich North America’s report highlighted the intricate network connections of dealership systems with external service providers, further complicating cybersecurity measures.
As CDK Global works towards full recovery from this cyberattack, the event serves as a stark reminder of the pressing cybersecurity challenges confronting the automotive industry. With cyber threats on the rise and potential repercussions ranging from financial losses to operational disruptions, safeguarding dealership systems remains an urgent priority for industry stakeholders moving forward.