CDK Fallout Continues as Car Dealers Go Old School

Software companies have taken over large swathes of the economy during the past few decades.

And when something goes wrong with these software companies, something ultimately goes wrong with the large swathes of sectors and businesses that rely upon them.

Take, for example, the ongoing fallout from last week’s cyberattack on dealership software-as-a-service platform CDK Global, which continues to cripple America’s auto sellers. The attack has effectively shuttered many businesses, with still others trading easy-to-use software products for pen, paper and other manual processes to perform necessary record-keeping and administration tasks.

In response to the attack, CDK Global has initiated efforts to restore its systems and services. The company has been working around the clock to mitigate the impact on its dealership clients, striving to bring its full suite of services back online. Despite these efforts, the full extent of the disruption and the timeline for a complete recovery remain uncertain. 

The incident serves as a stark reminder of the importance of cybersecurity in protecting the integrity of the supply chain, a reminder that should remain evergreen.

That’s because the CDK attack wasn’t the only cyber incident that took place last week.

On Friday (June 21), apparel company Levi Strauss & Co. notified customers that it was caught with its jeans down as attackers gained access to the information of up to 72,000 shoppers via an automated credential stuffing attack. The information obtained by the bad actors includes names, saved delivery addresses, order histories, email addresses and even partial payment information.

The Digital Threat Landscape Continues to Expand

It has been a busy month for bad actors, and the attacks suffered by Levi and CDK Global represent just the tip of the iceberg when it comes to cyberattacks on critical infrastructure this summer.

As PYMNTS reported earlier, the operations at a group of London hospitals were disrupted at the start of this month (June 3) after lab services provider Synnovis was targeted by a ransomware attack.

The impacted hospitals postponed over 1,100 planned operations and 2,100 outpatient appointments due to the data theft.

Adding to the disruption’s damage, a cybercriminal group claiming responsibility on Thursday (June 20) shared almost 400GB of sensitive data — including patient names, dates of birth, NHS numbers and descriptions of blood tests — on their darknet site and Telegram channel, per a report from the BBC.

Elsewhere, Advanced Micro Devices (AMD) said on Tuesday (June 18) it was looking into claims that the company’s data was stolen in a hack by a cybercriminal organization, per a report from Reuters, though AMD believes a “limited amount of information” related to specifications used to assemble certain AMD products was accessed via a third-party vendor site. 

The new operational reality, as Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS, is that “identity theft, phishing and data breaches have all become more prevalent.”

Focus Shifts to Cybersecurity After-Action Programs

As PYMNTS has written, many of the fundamental challenges for organizations looking to maintain data security result from the sheer volume of an organization’s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for valid user credentials to be compromised and used by unauthorized users.

“Everyone has been dealing with cybersecurity for a long time,” Erik Sallee, CFO at XiFin, told PYMNTS in a separate conversation. “There’s no way around it other than blocking and tackling, doing the right thing every day, keeping all your systems up to date, making sure you’re working with good vendors, and investing in it. It’s a cost-avoidance type of investment, but it’s one you have to understand, and you can’t short shrift it.”

That’s why conducting vulnerability assessments and penetration testing to identify and mitigate potential weaknesses, as well as implementing ongoing cybersecurity awareness training for all employees, are crucial for businesses. Developing and maintaining a comprehensive incident response plan (IRP) that outlines procedures for identifying, containing, eradicating and recovering from cyberattacks like data breaches is another method businesses can employ. 

“The No. 1 thing that I would start with is good cyber hygiene,” Rosa Ramos-Kwok, managing director and business information security officer for commercial banking at JPMorgan, told PYMNTS, explaining that sometimes firms can fall behind on patching up legacy systems, which leaves aged software with “all sorts of vulnerabilities” in place because firms had “other priorities, or it was too expensive.”