CDK Ransomware Attacks: A Lesson You Need to Learn From
Carmine Corridore
Strengthen Your Cyber Resilience Before It's Too Late
If you don’t know, I’ll fill you in. CDK Global Systems is the leading software platform for over 15,000 car dealerships. On June 19th, 2024, their systems went offline due to a cyber incident: a ransomware attack.
This article will focus on two important points, and it should be a lesson for all businesses:
- Supply Chain Attacks
- Incident and Disaster Recovery Planning.
Supply Chain Attacks can affect any business
What are supply chain attacks? Most people believe supply chains are related to manufacturing, warehousing, or logistics. But every business has a supply chain, and every company is part of one.
Let me explain: Your business makes a product or delivers a service. You have vendors who help you do that, and you have clients to whom you provide those services or products. Simply put, that is your supply chain.
Even if you only communicate with your vendors or clients through email, there is still a potential threat.
For example, let's say your vendor’s system has been compromised. The criminals get into their email system and send you an email that contains malicious code. Since it comes from your vendor, you trust the source and open the email. You inadvertently download the malicious software, which now affects your systems. Through this malicious code, the criminals can get into your email system. They send more malicious emails, but this time the emails go to your customers and other vendors. Since these people know you, they trust the email and open it. That's how the cycle continues.
It’s a simplistic example, but you get the point. Without proper checkpoints and verifications, we allow other businesses’ security decisions to become our own.
Relying on Software Vendors and Platform Security Systems
Discussing cybersecurity can seem overwhelming. We discuss risks and vulnerabilities. I have spoken to prospects who commonly say, "Well, XYZ software says they have good security, so we don’t need anything." The misconception is that because they don’t keep anything local, and the software vendor says they have adequate protection, they don’t need anything.
The problem with this thinking is that it’s just plain wrong. There is no better way of saying it. Until we become enslaved by robots, humans remain the weakest link in the security chain:
- They click on the wrong emails and send sensitive information over unencrypted methods.
- They store sensitive information on local computers because they either downloaded it or scanned it to their computer to upload, but forgot to delete that item from the computer.
Incident Response and Disaster Recovery Planning
It’s not just about what they can get from you, although that is why they came in the first place. It’s about the disruption they can cause to your business. Your reputation can suffer as well.
We can’t avoid every incident or disaster, but we can plan how to respond. With the help of your executive team or department heads, conduct a CyberSWOT on your business.
- Strengths: Operationally and financially, where do you stand if you were to be a victim of a cybercrime (directly or indirectly)? How could you weather the storm?
- Weaknesses: Determine what your risks and vulnerabilities are. Where could you be a victim? Are you using one piece of software that runs your entire business? What does that look like if it’s down?
- Opportunities: What is in your universe that you have control over? What improvements can you make that might help you?
- Threats: What things influence your universe that you don’t have control over but are critical to your operations?
Understanding your weaknesses can help you plan how to respond in an emergency.
Let's return to the CDK ransomware attack and consider an auto dealership that ran its entire business on the CDK platform. Performing a CyberSWOT or a Business Impact Analysis would have revealed a considerable weakness and threat to the company.
This revelation would have allowed them to prepare contingencies, an incident response plan to deal with the outage, and a disaster recovery plan to help return to normal operations. They could have quickly established the tools and policies to operate the business “offline.”
Alternatively, they may have decided to make different business decisions, like diversifying their software platforms or determining whether a redundant system that runs in parallel with their current solution is possible.
One thing is certain: you cannot make any decisions without understanding your risks and vulnerabilities.
Next Steps to Protecting Your Business
Underdog Cyber Defense is an IT Service Provider that specializes in Cybersecurity. We offer a Business Impact Analysis or our CyberSWOT, which helps you identify your “hidden risks” and vulnerabilities. We help you find those blind spots and provide recommendations that you can implement yourself, address with your current IT provider, or have us manage for you.
Contact us today for a consultation.



