Key Highlights
- In mid-June 2024, auto dealerships around the country were affected by a massive ransomware attack on popular software owned by CDK Global.
- CDK Global’s software is commonly used by car dealerships to manage tasks ranging from scheduling to tracking vehicle sales and orders.
- CDK Global revealed that nearly all 15,000 car dealerships that use their software across North America were affected by this cyber incident.
- The attackers froze the system and demanded a ransom of $25 million, which CDK Global ended up paying in Bitcoin.
- Overall, the cyberattack resulted in over $1 billion in losses for dealerships across the country.
- One of the best ways to protect your small business against costly cyber attacks and data breaches is to get cyber insurance. With The Hartford, you can add cyber insurance to your Business Owner’s Policy (BOP) or general liability insurance policy.
Transcript
The views and opinions expressed on this podcast are for informational purposes only, and solely those of the podcast participants, contributors, and guests, and do not constitute an endorsement by or necessarily represent the views of The Hartford or its affiliates.
You’re listening to the Small Biz Ahead podcast, brought to you by The Hartford.
Our Sponsor
This podcast is brought to you by The Hartford. When the unexpected strikes, The Hartford strikes back for over 1 million small business customers with property, liability, and workers compensation insurance. Check out The Hartford’s small business insurance at TheHartford.com.
Gene (00:02):
Hey everybody, it’s Gene Marks and welcome to another episode of The Hartford’s Small Biz Ahead Podcast. Thank you so much for joining me this week. I want to talk to you about ransomware. Do you remember a few weeks ago there was this big news about all these auto dealerships around the country were being frozen out from doing any transactions because of a, a malware attack or ransomware attack? Well, guess what guys? That was the truth. And there’s a bad ending to this story. First of all, let me tell you, this attack was made on a company called CDK Global. They make crucial software that’s used by more than half of the country’s car dealerships, right? If you’re a car dealership, you’re running on this platform to do your transactions and, and whatnot. It’s a very important vertical application for people in that industry.
Gene (00:51):
Well, guess what? They got hit by a cyber-attack and do you know what they had to do? They paid a ransom. They paid a $25 million ransom. This attack forced them at the time to shut down most of their systems. That was used by 15,000 dealer customers. According to the Detroit Free Press, dealers missed out on a billion dollars in revenue with 56,000 new car sales lost. This is according to an economist. You can imagine what impact that has on businesses of all sizes. And in the end, CDK Global had to capitulate and pay a $25 million ransom. Now, there’s no guarantee just because they paid this ransom that they’re in the clear going forward. Just be aware. I mean, when you get hit by a ransomware attack and you give up and you pay the ransom, I mean, listen, you’re paying ransom to like criminals that are out there.
Gene (01:52):
I mean, they can’t be trusted to begin with. This, by the way, made worldwide news because it impacted so many people. But I have to tell you, there are other surveys, there’s other data, there’s other research that shows that countless small businesses, tens of thousands of them are impacted by ransomware attacks every year just like this. People don’t like to talk about it. It’s certainly like, not news that they want to report. It’s embarrassing, but more importantly, it can be crippling to your business because if you get hit by a ransomware attack, you are down for a while and you are subject to lawsuits as well. Because God forbid, if this ransomware attack has an impact on your data, and any data gets breached because of it as well, it’s just a big issue. So, I’ve talked about this before, but I’m going to talk about it.
Gene (02:43):
Bring it, it’s been a while since I talked about it on this podcast, and I want to bring it back up again about preparing for ransomware attacks, how to defend yourself against a ransomware attack. So, let me give you just a few pieces of advice to protect yourself, which there’s no guarantees because big companies like this get attacked. The Department of Defense gets attacked. Big tech companies get attacked. But you can minimize your exposure to ransomware by following a few general principles. Okay? First of all, you really should be hosting your systems with somebody else. You should have your applications hosted with a managed server provider that you trust, that has the latest resources, the latest technology for making sure that your data and your systems are not subject to ransomware attacks.
Gene (03:32):
And you should also be running localized ransomware, virus, antivirus, anti-malware software as well to protect you. Listen, I’m in the business of selling CRM software. We deal with a lot of IT firms for, if you’re listening to this podcast and you’d like a recommendation for some IT firms that can do a security audit and help you with this, let me know, because I’m happy to refer some IT firms that do this. But you got to make sure that you’ve got somebody on the IT side is either managing your data, you want to make sure that you, they, you’ve got a software in place both at the server level and local level to protect yourself against ransomware attacks. But that’s only one of the things you have to do. There’s a few other things that you need to be doing. The biggest thing is training. Survey after survey finds that the biggest culprit in all malware attacks, breaches, ransomware attacks, is you and me.
Gene (04:23):
It’s people. We need training. We’re not, a lot of times we click on the wrong file, we click on the wrong link. We’re responding to somebody too quickly without thinking about it. We’re not aware of what’s out there and we’re not paying attention when something is a, a bad actor is, is coming on. These people are getting better and better with AI. So we have to make sure that we know what we are doing. And all these, so many surveys report that a lot of these ransomware attacks were caused. I bet you, I bet you it’s CDK Global. I don’t know this for a fact, but I bet you that somebody clicked on some wrong file at some point, they did some employee somewhere downloaded. You only need one person to do it. Download some malware to their, their workstation and boom, it propagates across your entire network.
Gene (05:08):
So, the only way to really stop that is really good training. Again, getting back to that IT firm, you gotta make sure you’ve got a good IT firm that provides training to your employees. They should be getting trained three, four times a year on security to keep an eye open for these different things. And also, you might want to consider training software. A really good one I know is called KnowBe4, is an application. There’s many that are out there like it that will actually send fake emails to your employees trying to get them to click on things and make mistakes so that the software can come back and say, see, we got you. This is, you need to be aware of this. You need to be aware of what these we, what these, you know, emails say. So, two big things is you’ve got to be investing in the software locally and at the server level, making sure you’re hosting your applications with a good managed service provider. And again, I can recommend some good ones, or number two. And number two is you need to make sure your employees are trained. That same IT firm should be providing training for your employees on a regular basis. You might want to be using software to do it as well.
Gene (06:14):
Finally, and this is a plug for The Hartford, but you really should have cyber insurance in your business and you might want to take another look at your cyber insurance coverage. The Hartford offers cyber insurance policies. It is essential. Every one of my clients has some sort of cyber insurance policy now, many of them didn’t five, 10 years ago. Now, everybody seems to, they will provide coverage for you in many cases for when there’s a ransomware attack or if data is breached. If your loss of continuity of your business for a while, business interruption insurance, as well as any potential lawsuits you might have people suing you because they, they feel that their data was put at risk or was breached as well. All this can come from a ransomware attack. I really hope the people at CDK Global have insurance for this issue because they’re going to be facing quite a lot of lawsuits.
Gene (07:06):
So, ransomware, it’s a big deal. It is only going to become bigger. AI is helping these bad actors become that much better with ransomware attacks. And there will be AI, there are AI tools to help the good guys fight against them, but it’s going to be a continuous war. Host your applications and data with somebody else. Have a good IT firm that you are working with. Make sure you’re using the most updated security software. Get training frequently of your employees that they know, and they can recognize when something seems unusual or sparks curiosity. And finally, have cyber insurance.
Gene (07:42):
These are the things you need to be doing in your business to make sure you’re protected against ransomware attacks. It does not guarantee it, it does not provide you a hundred percent protection, but it really helps to minimize the risk and you need to be doing everything you can to minimize the risk. We had this big case from CDK Global, they had to pay this $25 million ransom. You do not want to be in the same situation where you were forced to pay a ransom as well. My name is Gene Marks. You have been listening to this week’s episode of The Hartford’s Small Biz Ahead Podcast. If you need any help or advice, tips and tricks and things to help you run your business, visit us at smallbizahead.com or sba.thehartford.com. Thanks so much for listening to this. We’ll be back with you next week with another bit of advice I have for you to help you run your company. Talk to you then. Take care.
View Comments (3)
what’s the cost
Our representatives are happy to help answer any questions you may have at 866-467-8730. Thanks for reading!
Great information for any business. Small or large.