The recent cyberattack on CDK Global, which disrupted operations for 15,000 automotive dealers across the country, has shed light on the importance of robust contingency plans for organizations heavily reliant on SaaS providers for critical business functions. Many dealers were forced to resort to paper forms and manual processes as a result of the attack, with CDK informing the SEC that it would take several days, but likely not weeks, to restore its systems. Companies impacted by the breach, including Penske, Group I Automotive, and Lithia Motors, were among those that notified the SEC.
While CDK has not disclosed the nature of the attack that crippled its systems, media reports have linked it to an East European ransomware group called BlackSuit. The group is reportedly demanding millions of dollars in ransom to unlock CDK’s systems. Despite requests for updates on the restoration efforts and attribution of the attack, CDK has not responded to inquiries from Dark Reading.
Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, emphasizes the need for organizations to enhance cybersecurity protections for their entire network of vendors and partners. Diversifying vendor relationships can help distribute risk and reduce dependency on single providers, he suggests.
In the context of the recent attack, organizations using SaaS services should implement formal risk management frameworks with stringent security assessments and contractual obligations for cybersecurity standards. Sharing threat intelligence and best practices within industry sectors can also strengthen collective defenses against evolving cyber threats.
Mark Ostrowski, head of engineering at Check Point Software, highlights the importance of identifying crucial service providers and vendors and understanding their measures for protecting against and responding to cyberattacks. In the aftermath of disruptive incidents, staying vigilant against phishing attempts and other post-attack threats is crucial.
The challenges faced by CDK in its recovery efforts, including a second attack that forced the company to shut down systems, underscore the importance of not rushing the restoration process. According to malware analyst Pieter Arntz, attackers often have a lingering presence on systems, necessitating comprehensive restoration efforts beyond rolling back to an earlier date.
The incident also emphasizes the exposure that organizations face via the software supply chain, with a significant percentage experiencing security incidents tied to software suppliers and service providers. Strengthening cybersecurity resilience, enhancing regulatory oversight, and implementing proactive defense measures are critical in safeguarding against targeted attacks on software supply chain leaders.
Overall, the CDK attack serves as a stark reminder of the potential impact of cyber threats on critical infrastructure sectors and industries reliant on software supply chains. By prioritizing continuous assessment, response readiness, and collaborative risk management efforts, organizations can mitigate the risks posed by sophisticated cyber adversaries in an increasingly challenging threat landscape.