The CDK Cyber Attack Recovery Will Fall Squarely on

CDK Cyber Attack Recovery Will Fall Squarely on The Accounting Office

by with No Comment Tech

During my early years in the car business, I wore many hats in every position I held. One thing I learned quickly was that the accounting office often becomes the “cleanup crew” when different kinds of problems arise. There are still system and procedural hiccups today, but thanks to technology and automation, they are fewer. Then came the CDK cyber attack.

This attack is on an entirely different level. It isn’t just a routine issue; it’s a serious breach that could take months to resolve. Once the dust settles, it will be the accounting office’s responsibility to collect and piece together thousands of puzzle pieces from sales, service, and parts to restore some financial order.

The Impact of the Cyber Attack

The “End of the Month” has arrived, and dealerships are required to produce a monthly financial statement, as mandated by manufacturers and certain lenders. At this point, it’s uncertain whether a June financial statement will even be possible. In my opinion, the chances of this happening are slim.

How Did the Attack Happen?

The origins of this mess trace back to the evolution of CDK Global. Originally, ADP Dealer Services was an excellent Dealer Management System (DMS) provider. However, ADP merged into Cobalt, a company focused on digital marketing services, and then into CDK Global. The involvement of private equity changed the game.

When private equity comes in, cost-cutting measures take precedence, and departments like Information Security (Infosec) are seen as “cost-centers.” The very people tasked with defending the company from cyber threats are often the first to go. Then, in the event of a ransomware attack, we discover that:

  1. No backups have been tested in months.
  2. Many legacy systems can’t be revived.
  3. Disaster recovery plans are either outdated or non-existent.
  4. Infrastructure has multiple single points of failure.

It’s no surprise that CDK will likely pay millions in ransom. Yet, the true damage is felt by the employees at dealerships—people who must continue to care for customers and sell vehicles to earn their livelihood.

The “Preferred Vendor” Program Problem

New car dealerships are franchises, and manufacturers have a “Preferred Vendor” program. Vendors must apply, pay a fee, and undergo what is supposed to be a rigorous vetting process. In reality, smaller vendors often can’t afford the fees, and the program discourages innovation. Worse, some preferred vendors offer services that don’t even match the quality of non-preferred vendors, but dealers use them because:

  1. Preferred vendors are marketed as pre-vetted and trustworthy.
  2. Dealers can recoup expenses through the manufacturers’ “Co-op” programs.

CDK is one such preferred vendor. The glaring question is, where were the security audits? How could a company so vulnerable to cyber threats maintain its preferred status? Clearly, if there was monitoring, it was inadequate.

How to Restore Dealership Records

Once CDK pays the ransom, dealerships may get the decryption keys to access their data. But that’s just the beginning. It could take weeks, if not months, to restore all records, and there will likely be holes in the database.

Switching to a new DMS vendor might sound appealing, but without the data CDK holds, there’s nothing to convert to a new system. So, while it’s a good long-term plan, the immediate focus must be on restoring the data.

Once the dealership system is back online, the accounting office will be inundated with tasks:

  • Every sale, service, part, and warranty transaction that occurred during the outage will need to be manually entered into the system.
  • Vehicle and parts inventories will need to be physically counted and reconciled with system records.
  • Bank reconciliation will serve as a key checkpoint for balancing the books and ensuring all payments are accurately posted.

The Bigger Issue: Breach of Trust

This entire event is a betrayal of the vendor-manufacturer-dealer relationship. How could CDK, a preferred vendor, have allowed such a breach to occur? Where were the requirements and audits to ensure the security of dealership data? Lawsuits will likely follow, with dealers, consumers, and employees all seeking accountability for this breach.

Final Thoughts

This breach has underscored the importance of having a solid data security and recovery plan. Dealers should be reaching out to their Cyber Liability Policy carriers to understand their coverage. Additionally, the reliance on a DMS vendor to secure dealership data is no longer something that can be taken for granted.

Dealers must start asking the right questions and hold their vendors accountable for maintaining proper data security. It’s time to take proactive steps to ensure that a disaster like the CDK cyber attack doesn’t happen again more information visit gnvlogs.com.