A cyber attack on a software supplier blocks the US car dealer sector

Software and digital transformation more broadly have changed the business landscape. Almost every modern company relies on software to run its business, and digital technology has become the ubiquitous, invisible thread that enables and optimizes workflow.

When it works well, business software fades into the background. But when disruption occurs, entire sectors can grind to a halt.

With the news that CDK Global, a software-as-a-service (SaaS) platform for auto dealers, suffered an additional breach on Wednesday (June 19) evening as it began to restore systems disabled following Tuesday’s (June 18) cyberattack, the simple fact that troubles with a key supplier infrastructure can result in a butterfly effect of industry disruption is most important for companies that rely on external software solutions.

CDK Global’s dealer management platform is used by thousands of auto dealers across the U.S. and by companies including Kia, Toyota, BMW, Stellantis and others that use its software solutions to handle things like CRM, financing, payroll, support and service. inventory and returns – office work.

As the impact of the incident continues, many businesses have effectively closed and are unable to return to normal operations, while others have turned to paper-based processes and other workarounds for recordkeeping and other administrative tasks.

CDK reportedly told customers on Thursday (June 20) that “there is no estimated time frame for resolution and therefore our dealer systems will likely be unavailable for several days.”

Read more: A new wave of serious cyberattacks exposes key enterprise security weaknesses

Protect your operations from disruptions and threats

The cyberattack on CDK Global highlights the growing threat of ransomware attacks on the business landscape, especially in industries that are highly reliant on digital and IT infrastructure. What has changed in today’s context is that as technology advances and managed services and applications become more and more critical to business operations, the impact of cyberattacks now has a much greater scope.

And if an attack on a critical infrastructure provider that leaves the sector it serves unable to operate sounds familiar, that’s because the number of similar incidents is on the rise, underscoring the need for companies to invest in robust cybersecurity measures and incident response plans.

After all, it was only last February that a cyberattack on Change Healthcare, the billing and payment unit of UnitedHealthcare, caused complete disruption to health care clinics, medical billing companies and pharmacies.

The cyber attack on Change Healthcare ultimately cost parent company UnitedHealthcare $872 million. The company says the breach was caused by a ransomware gang known as ALPHV, or BlackCat.

Since then, the attacks have not stopped either. As PYMNTS reports, on June 10, a “significant amount of data” was stolen from at least 165 customers of multi-cloud data warehousing platform Snowflake, and on Thursday of this week it was revealed that stolen data from LendingTree subsidiary QuoteWizard obtained during the Snowflake breach is being sold to the highest bidder at cybercrime forums.

The same hackers are also reportedly demanding ransoms ranging from $300,000 to $5 million from other compromised companies.

Earlier this month (June 4), news also broke that TikTok had been dealing with a recent security breach as hackers targeted high-profile brands and celebrities on the platform.

See also: As data breaches spread, a new NIST playbook offers data recovery tactics

Securing the cyber circuit

The realities of today’s cyber threat landscape versus an increasingly connected business marketplace mean that attacks are no longer just affecting individual companies and their customers, but entire ecosystems and industries.

“Identity theft, phishing and data breaches have become increasingly common,” Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS.

PYMNTS Intelligence found that 82% of e-commerce sellers experienced a cybersecurity or data breach last year. Forty-seven percent of these merchants said breaches resulted in both lost revenue and lost customers, according to “Fraud Management in Online Transactions,” a collaboration between PYMNTS Intelligence and Nuvei.

“Everyone has been dealing with cybersecurity for a long time,” Erik Sallee, chief financial officer at XiFin, told PYMNTS. “There’s no way around it other than blocking and troubleshooting, doing the right things every day, keeping all your systems up to date, making sure you’re working with good suppliers and investing in that. This is a cost-avoidance investment, but it must be understood and cannot be wasted.