In the wake of the CDK Global ransomware attack, car dealerships are confronting the stark reality of cyber threats and the consequences of inadequate cybersecurity measures. CDK Global, a leading provider of IT and digital marketing solutions to the automotive retail industry, fell victim to a ransomware attack, exposing vulnerabilities that crippled critical dealership operations.
This incident serves as a wake-up call for dealerships, as well as any organization that relies on third-party vendors, to reassess their vendor management strategies, business continuity/incident response plans and their cybersecurity resilience.
Businesses from nearly every industry leverage third-party services/vendors, and that trend is not going away any time soon. As businesses struggle to do more with fewer resources (staffing, time and general resources), it is essential to ensure that a vendor management policy and procedures have been established to hold the critical outsourced parts of the business accountable and are working as expected and maintaining their security profile.
Conducting cyber risk assessments/due diligence reviews on vendors to evaluate their cybersecurity practices and resilience to attacks is particularly important, but not all vendors are created equal. Vendors need to be assessed on the significance to the business, as they all don’t present the same level of risk.
Where to Start: Two Plans that Bolster Cyber Resilience
Having a well-crafted business continuity and incident response plan is critical for rapidly addressing and mitigating the effects of a cyberattack and providing confidence that business operations can withstand disruptions. When considering business continuity and incident response plans, each has their own distinctive purposes, but can be interrelated.
- A Business Continuity Plan (BCP) prepares an organization to support essential functions and resume full operations in the event of a major disruption or disaster. These disruptions could include natural disasters, cyber attacks, or any issues that might impact normal business operations. The key objectives would include minimizing the disruptions, protecting assets, reducing financial loss, and preserving reputation.
- A Incident Response Plans (IRP) provides a structured approach for detecting, responding to, and recovering from security incidents. An IRP is designed to manage and mitigate the impact of a security breach on the business and could be considered a subset of the BCP. The key objectives would include the preparation, identification, containment, eradication, recovery and implementing lessons learned from the incident.
Practice Makes Perfect: How to Activate Your Plans
The business should assemble a multidisciplinary incident response team that can act swiftly in the event of a cyber incident, regularly conduct drills to rehearse the incident response plan and refine procedures based on lessons learned, and analyze the response to any security incident to improve future readiness and response capabilities. Performing a tabletop exercise on a scheduled basis to test the plans will ensure that team members know what to do and when to do it to lessen the impact on business operations.
The New Normal: Be Proactive and Prepared
Investing in cybersecurity is no longer optional; it’s a critical component of any organization’s operational integrity. The CDK ransomware attack highlights the need for dealerships to adopt a proactive and comprehensive approach to cybersecurity. Team members should be trained to recognize phishing attempts, manage passwords effectively, and adhere to security policies. Organizations should employ a multi-layered security approach, including firewalls, antivirus software and intrusion detection systems, to protect against various threats. And finally, they should implement a routine for software updates and maintain regular backups to minimize the impact of potential data loss.
Whether you outsource key services, like the aforementioned CDK circumstance, or run your own applications within your business, it is highly important to ensure that businesses have the right environment and practices in place to withstand an incident that might threaten the viability of the business operations.
RKL’s team of IS Assurance and Advisory professionals can help navigate the complexities of vendor management, incident response plan reviews and cybersecurity. Contact your trusted RKL advisor or complete the form below to get started.
