It is almost July Fourth, and summer holiday travel is about to enter its peak season.
But despite the sunshine and blue skies, Americans planning to buy a new car for summer excursions may be looking at decidedly cloudier weather.
That’s because, a full week after the initial cyberattack that took down dealership software-as-a-service platform CDK Global’s operations, the software provider told its car dealership customers Tuesday (June 25) that its systems will continue be down for at least the rest of the month.
What that means is that shoppers looking for a new vehicle will need to bring cash or check. And dealerships will need to break out the pen and paper.
After all, without CDK’s software available to them, the over 15,000 impacted U.S. dealerships are left unable to conduct credit checks, generate auto loans, complete sales contracts, track their inventory, or execute other crucial sales processes digitally — greatly slowing the process of leasing or buying a car.
“This could result in a significant loss of business and potentially a loss of confidence in CDK among the dealer community,” Diana Lee, CEO and co-founder of Constellation, told PYMNTS.
For at least the next week and likely into July, CDK’s dealership clients will need to perform most tasks by hand using traditional paper-based methods. Any would-be car buyers will need to resort to things like registering their vehicle at a local Department of Motor Vehicles (DMV) site rather than having the bulk of the administrative and legal work surrounding their car purchase handled automatically.
CDK Global did not immediately reply to PYMNTS’ request for comment, and this remains a developing story.
Read more: Cyberattack on Software Provider Stalls Out US Car Dealership Sector
CDK has referred to the cyberattack that brought down its systems and crippled over ten thousand U.S. dealers as a “ransom event.” The attack’s ongoing impact has underscored that nearly every functionality within the automotive industry cannot be performed without a dealer management system. After all, software as a service means that without software available, the services won’t be, either.
Per a Tuesday (June 25) report by CBS, CDK is “continuing the restoration process” of its “core applications” and is making progress in getting systems functional again after multiple cyberattacks by a group believed to be based in Eastern Europe brought them down.
As PYMNTS has written previously, to mitigate the risk of cyberattacks, companies must develop a robust cybersecurity framework that encompasses not only the latest technological defenses but also a strong emphasis on human factors. Regular training programs, rigorous security protocols and a culture of vigilance among employees can enhance an organization’s ability to defend against cyberthreats.
Earlier this year (Feb. 26), the National Institute of Standards and Technology (NIST) published their Cybersecurity Framework (CSF) 2.0: Small Business Quick-Start Guide, which detailed five key pillars for businesses to adhere to when managing for cybersecurity risk.
They are: Identify, Protect, Detect, Respond and Recover; and supporting the five pillars is a central core of effective cyber governance.
“On the positive side, this outage may raise awareness in the auto industry about the importance of better cybersecurity measures to protect data. This could be a wake-up call for dealers and industry leaders to reevaluate their cybersecurity practices and invest in stronger protections against disruptions, which could lead to improved data security standard’s across the industry,” said Constellation’s Lee.
Read more: Scaling Effective Cyber Hygiene Throughout Your Business
The FBI’s latest annual internet crime report, released this spring, revealed that U.S. financial damages due to ransomware attacks rose 74% in 2023.
And so far this year, it has been a summer of cyberattacks and data breaches, with the latest attack as recently as Tuesday (June 25), when stolen data allegedly belonging to Evolve Bank and Trust, the U.S. financial institution and banking partner of collapsed FinTech Synapse, was reported published.
Crucially, in order to mitigate future cyber breaches, companies need to ascertain how present attacks were able to happen — whether by social engineering, unpatched software or firmware, or other vulnerabilities.
“After-action reports will help you understand what your business continuity plan was and where it failed … If you haven’t stayed up on your hygiene, that will come out in the report. That’s why running red team exercises or simulated events is so important,” Matanda Doss, executive director and lead information security manager for commercial banking at JPMorgan, told PYMNTS in December.