Organizations continue to be impacted by threat actors across industry verticals, with sweeping impacts to business operations and the customers they serve. The recent cyber attack on CDK Global — and its impact to car dealerships — again illustrates the critical nature of supply chain technology to deliver competitive products and services, and its vulnerabilities.
Cyber Attack: Repercussions and Response
CDK provides a software-as-a-service platform (“SAAS”) that acts as the core platform servicing thousands of car dealerships globally by providing CRM, financing, payroll, service, support, inventory, and back-office operations. While not yet confirmed, news reports suggest the organization may have suffered a ransomware attack, prompting it to take two data centers offline in an attempt to stop the spread. This has forced many dealerships to temporarily switch over to manual paper operations while CDK works to contain and investigate the breach and recover. As of 5:24 p.m. June 19, CDK had recovered a number of core applications and was working on testing others.
Top 10 Cybersecurity Practices to Protect Your Car Dealership
While SAAS and other technologies can transform and empower our businesses, they can also make us vulnerable to cyber attacks. Prevention efforts are key, but it is equally important to ensure appropriate business continuity planning is in place to maintain operations and reduce the disruption to the customer in case an attack does occur. Further, vendor management is critical to validate supply chain relationships that organizations like CDK depend on are adhering to cybersecurity best practices.
While the specific details around the incident for CDK are unknown, recent cyberattack news indicates many organizations continue to struggle with basic cyber hygiene practices. Take the following steps to improve your organization’s cyber hygiene:
1. Establish Cyber Risk Ownership & Oversight
- Security is an organization problem; NOT just an IT problem.
2. Security Awareness Training
- Training your staff provides greater return on investment than any other security initiative.
3. Multi-Factor Authentication (VPN, O365, LOB, cloud apps)
- ALL methods of remote access to sensitive corporate data need to be protected by MFA.
4. Verify Backup Position & Ensure Recoverability (offsite, tested, air-gapped)
- Design a backup solution that meets your recovery timelines.
- Test and validate your backup process.
- Secure your backup architecture.
- Failing any of these can have dramatic cost in the event that backups are needed.
5. Incident Response Plan & Disaster Recovery Plan
- Every organization experiences cyber incidents.
- Plan for a cyber attack response, so you’re not scrambling when one happens.
- Planning allows you to identify where the current process doesn’t meet organizational objectives, which helps you build out your security roadmap.
6. Cyber Liability & Crime Insurance
- Insurance is a cost-effective way to mitigate the financial cost of a breach.
- Without insurance in place, a major breach could put the organization at risk of bankruptcy.
- Understand and keep up with the (often-changing) requirements of your insurance provider to ensure you’re eligible to get paid when you need it.
7. Security Audit, Vulnerability Assessment & Pen Test (identify risk)
- Identify areas that are in need of improvement, so that they can be put onto the roadmap and improved over time.
- As security posture improves, so, too, should the depth of your assessments.
8. Improve the baseline security posture and configuration of existing systems
- Most systems have security features that are underutilized.
- Do more with what you already have.
9. Purchase security tools to supplement your baseline security posture
- Identify critical functionality that is missing and obtain tools that will meet those objectives.
- Many organizations purchase tools first, then look to see what they can do with them — this is backward.
10. Establish Policies & Procedures (acceptable use, HR, and governance policies)
- Document and formalize your organizational security objectives.
- Ensure that you actually implement what you define.
- Do not let your policies sit on a shelf and lose relevance.
Connect with one of your cybersecurity advisors today at https://lp.rehmann.com/rts-contact-us