Software, and digital transformation more broadly, have transformed the business landscape. Nearly every modern business relies on software to run their operations, and digital technology has become a pervasive, invisible thread enabling and optimizing workflows.
When it works well, businesses software fades into the background. But when a disruption happens, entire sectors can grind to a halt.
And with the news that car dealership software-as-a-service (SaaS) platform CDK Global suffered an additional breach Wednesday (June 19) night just as it was starting to restore systems shut down in a Tuesday (June 18) cyberattack, the simple fact that trouble with a key infrastructure provider can result in a butterfly effect of industry disruptions is top of mind for businesses relying on external software solutions.
CDK Global’s dealer management platform is used by thousands of car dealerships across the U.S. and by companies including Kia, Toyota, BMW, Stellantis and others that leverage its software solutions to handle things like CRM, financing, payroll, support and service, inventory and back-office operations.
As fallout from the incident continues, many businesses have effectively been shuttered and remain unable to return to normal business while others have turned to paper-based processes and other workarounds for record-keeping and other administrative tasks.
CDK reportedly told customers on Thursday (June 20) that it did “not have an estimated time frame for resolution and therefore our dealers’ systems will not be available likely for several days.”
Read more: Fresh Wave of Major Cyberattacks Exposes Key Enterprise Security Weaknesses
The cyberattack on CDK Global highlights the growing threat of ransomware attacks on the business landscape, particularly industries that rely heavily on digital and IT infrastructure. What has changed within today’s backdrop is that as technology has advanced, with managed services and applications becoming more critical to business operations, the impact of cyberattacks now have a much greater reach.
And if an attack on a critical infrastructure provider that leaves the sector it services unable to operate sounds familiar, it’s because similar incidents are on the rise, a fact that underscores the need for companies to invest in robust cybersecurity measures and incident response plans.
After all, it was just this past February that the cyberattack on Change Healthcare, a billing and payments unit owned by UnitedHealthcare, caused complete disruptions at healthcare clinics, medical billing companies and pharmacies.
The cyberattack on Change Healthcare ultimately cost its parent, UnitedHealthcare, $872 million. The company has said the breach was caused by a ransomware gang known as ALPHV or BlackCat.
The attacks haven’t stopped since then, either. As PYMNTS reported, a “significant volume of data” was stolen from at least 165 customers of multi-cloud data warehousing platform Snowflake on June 10, and Thursday this week it was revealed that stolen data from LendingTree subsidiary QuoteWizard obtained during the Snowflake breach is being sold to the highest bidder on cybercriminal forums.
The same hackers are also reportedly demanding ransom payments ranging from $300,000 to $5 million from other of the breached companies.
News also broke at the start of the month (June 4) that TikTok was dealing with a recent security breach when hackers targeted well-known brands and celebrities on the platform.
See also: As Data Breaches Proliferate, New NIST Playbook Offers Recovery Tactics
The realities of today’s cyberthreat landscape relative to the increasingly interconnected business marketplace means that it is no longer just a single company and its customers who are affected by attacks — but entire ecosystems and industries.
“Identity theft, phishing and data breaches have all become more prevalent,” Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS.
PYMNTS Intelligence has found that 82% of eCommerce merchants endured cyber or data breaches in the last year. Forty-seven percent of those merchants said the breaches resulted in both lost revenue and lost customers, according to “Fraud Management in Online Transactions,” a PYMNTS Intelligence and Nuvei collaboration.
“Everyone has been dealing with cybersecurity for a long time,” Erik Sallee, CFO at XiFin, told PYMNTS. “There’s no way around it other than blocking and tackling, doing the right thing every day keeping all your systems up to date, making sure you’re working with good vendors, and investing in it. It’s a cost-avoidance type of investment, but it’s one you have to understand and you can’t short shrift it.”