The CDK Global Attack and Salesforce Security: What You Need to Know

WithSecure™ Cloud Protection for Salesforce complements Salesforce security, and helps to mitigate, protect and secure the attack vectors often used in ransomware hacks.


The recent attack at CDK Global, a software-as-a-service vendor for more than 15,000 car dealerships, is a clear reminder of the ever-present threat that cybercriminals pose. And, since many in the automotive industry are also Salesforce users, Salesforce security should be top-of-mind.

What happened to customers of CDK Global?

The cyberattack began on June 19. It caused widespread disruption at about 15,000 North American auto dealers that rely on CDK’s management software. Accordingly, the potential financial impact of this attack is staggering. Some industry analysts estimate the cost could reach up to $16 billion. Further, the disruption extends to all aspects of the automotive ecosystem, including repair services, supply chain, vendor payroll services, etc. It is a sobering reminder of the collateral damage caused by such attacks.

Details on the CDK Global attack have not been officially or publicly disclosed. However, many accounts suggest the company was subject to a ransomware attack. Ransomware can be delivered in various ways, with malware or phishing attacks being the most common vector. But here is what we do know about the sequence of events:

  • June 18, 2024: CDK Global experienced its first ransomware attack, resulting in the encryption of critical files and systems. Dealerships across North America lost the ability to track and order new parts, schedule service, and manage inventories. Dealers also reported they could not complete sales transactions or process payrolls.
  • June 19, 2024: CDK Global shut down its IT systems to initiate a system recovery. Then, during recovery operations, the company experienced a second cyberattack.
  • June 21, 2024: Bloomberg reported that the ransomware gang BlackSuit had demanded “tens of millions of dollars” from CDK and that CDK was planning to pay up.
  • June 24, 2024: CDK again announced it had restarted the restoration process.
  • July 4, 2024: Most CDK customers were back online. Many reported huge transaction backlogs that would take weeks to resolve.

It is unclear whether BlackSuit will use or attempt to sell the customer and business data obtained during the attack.

The CDK attack is a reminder to always invest in cybersecurity

In the wake of the CDK attack, automotive industry influencers have called on dealers to review their IT and software application infrastructure. For example, Autonews ran an opinion piece that did not mince words: The CDK attack is a wake-up call for dealers. The message in the article is clear: Dealers must now prepare for business continuity management and make cybersecurity a strong priority.

Auto and truck dealers often rely on Salesforce to help manage their customer relationships, sales and service operations, and marketing campaigns. As such, Salesforce security should be top-of-mind for every organization. While Salesforce applies advanced technologies to secure its infrastructure to protect customer data, it acknowledges that cybersecurity is a shared responsibility. Thus, customers must further strengthen the security of their Salesforce instance.

Salesforce emphasizes that customers must take charge of anti-abuse, fraud detection, and prevention measures. Salesforce doesn’t scan incoming data for cyber threats – that’s your responsibility as the user.

While we don’t know the exact vector that led to the CDK Global hack, malware and phishing often lead to ransomware attacks.

WithSecure Cloud Protection for Salesforce: Designed with and for Salesforce

WithSecure Cloud Protection for Salesforce is a Salesforce security solution designed to mitigate the risk of advanced cyber threats on Salesforce. It:

  • Provides real-time protection and instant visibility into your entire environment
  • Works seamlessly with your customizations and workflows
  • Fully complements the infrastructure security controls that Salesforce provides

WithSecure Cloud Protection for Salesforce is a highly certified solution. It meets the strict compliance requirements of modern enterprises and critical public sector organizations. Furthermore, it is an ideal choice for enhancing your Salesforce security. WithSecure Cloud Protection for Salesforce was designed for Salesforce, together with Salesforce. Additionally, it is used and recommended by Salesforce.

Get to know WithSecure Cloud Protection for Salesforce, or use the form below to contact our team to discuss your Salesforce security requirements.
