CDK Global Considers Ransom Payment After Major Cyberattacks

Could the actions taken by CDK Global eventually show that sometimes it pays to be the bad person in a situation? Let’s dig in and find out.

CDK Global was the victim of back-to-back cyberattacks last week, taking place on Tuesday, June 18, and Wednesday, June 19. These attacks took down most of the company’s systems, which caused serious problems for car dealerships around the country. This online platform provides support for sales and personnel for nearly 15,000 car dealerships. This has caused a massive slowdown of activity at many dealerships, which have had to revert to pen-and-paper processes to handle some activities.

Unfortunately, selling cars requires more complicated processes than what can be done with pen and paper.

Will the hackers get paid?

An eastern European cybercrime group is claiming to be behind the attack. This was reported by Bloomberg, which also reported that CDK intends to pay the tens of millions of dollars in ransom demanded by these criminals. If CDK pays the ransom, aren’t they giving the hackers what they want? Could this set a bad future precedent with more hackers demanding large sums of money from the companies they hack?

How long will CDK be down?

CDK Global began a restoration process on Saturday, June 22, but this process is expected to take several days to complete. This could mean more time without many dealers selling cars. This could be a serious problem if the outage continues into the July 4 weekend, a popular holiday for car sales and great deals.

There’s also the question of whether or not customers’ data has been compromised during this hack. The hackers could easily capitalize on this data for years to come if they obtained specific personal information from dealership customers such as SSNs, driver’s license information, and banking data.

How can companies prepare for future cyberattacks?

Most companies take cybersecurity for granted and don’t expect their systems to be hacked and taken down. That said, many organizations take steps to keep information secure, but many aren’t prepared to do business the old-fashioned way if their computer systems go down.

Still, it’s important to be prepared for a cyberattack at any company. Here are some steps to consider taking to prepare for an attack:

Asset Management and Integrity Monitoring

It’s important for companies to know what data and systems are in place and establish a way to ensure those systems don’t become compromised. Creating a baseline for the operational systems could allow companies to resume operations more quickly after an attack. Of course, this baseline must continually be updated to support current processes.

Data Security

Data security is extremely important to keep things running smoothly. While CDK Global searches for its vulnerable areas, other organizations should take a hard look at their cyber security systems to ensure these systems will keep data secure and out of the hands of criminals.

Logging and Monitoring

When systems are designed with strong logging processes in place, its easier to keep the system monitored and proactively detect potential trouble. Investigating an incident becomes much easier when logging and monitoring are part of the process. This can include seeing what data hackers accessed during a cyberattack and how they gained access to the system.

Employee Training

Hackers typically target your employees to gain access to your systems. If employees open emails or click on suspicious links they could easily allow hackers into your system. Its pretty easy for hackers to trick employees or service provides to let them into the systems. This is called phishing and it’s one of the most successful ways cyberattacks happen.

Incident Response Providers

Who do you turn to in the event of a cyberattack? Certainly, CDK Global has a list of incident experts and a response team to help put their systems back to normal. When you know in advance which experts are ready to help make critical decisions and help get things back on track is an important part of restoring services after a cyberattack. These experts often assist in responding to and containing any incidents that take place.

Prepare for Notification and Disclosure Obligations

When companies become victims of cyberattacks, there’s an inherent responsibility to report and disclose any possible information that might have been lost or compromised. The requirements for notification and disclosure are complicated, and companies need to be prepared for such events.

The cyberattack on CDK Global continues to loom large and impact nearly 15,000 car dealerships around the country. Is your company prepared for a cyberattack? How will your team respond to such an event?