Industry experts urge caution after cyberattacks affect thousands of car dealerships
Industry experts are warning Canadian businesses to take stock of their cyber vulnerabilities after an attack forced automotive dealerships across North America to trade their digital systems for pen and paper.
CDK, an American company that provides software to manage sales and service, was hit with back-to-back cyberattacks last week. It shut down service as a precaution, a spokesperson said. Thousands of dealerships were forced to find workarounds, and experts are calling it a cautionary tale.
The company has called the attack “a ransom event” though it won’t say if it has paid any money to regain control. The company said work was underway to get services back up and running, but estimated the process would take several days.
“The system basically records any and all transactions at the dealership,” Tim Reuss, CEO of the Canadian Automotive Dealers Association, told CTV News. “The sale of a vehicle, trade-in, a service appointment, part sale, a quote. We have never seen anything at this scale before in our industry.”
“It has been really, really difficult,” said JP Kovac, the dealer principal at Gyro Mazda and Gyro Hyundai in Toronto. Kovac says both of his dealerships use CDK software and have had to revert to recording every transaction and booking by hand.
“Just have patience with the people on the frontline,” he said. “They are doing the best they can in a really challenging time.”
Steve Chipman, the CEO of Birchwood Automotive Group in Manitoba, says 16 of his dealerships were impacted.
“It’s frustrating,” Chipman says. “It’s slowing us down, and we will have to re-do everything,” he adds, referring to the need to enter every transaction into the system once it is restored.
But Chipman is also hopeful this event will make his business stronger and says it reinforces the need to stay on top of cybersecurity.
“Everybody grumbles, ‘Why do I have to have such a long password, why is it going to take so much time,’” he says. “It’s proof again that there are very sophisticated criminals out there holding people for ransom.”
The number of cyberattacks has skyrocketed in the last few years, with corporations, hospitals and municipalities all targeted by criminals who typically aim to steal data and hold it until a ransom is paid.
“Cyber security is not a check box exercise,” says Ritesh Kotak, a cyber expert. “It’s not something you invest in one time and that’s it. These threats are constantly evolving and that’s why it’s important for organizations to really think through where to invest to continually stay up to date.”
Kotak says it’s not enough to just have cyber security. He recommends corporations have plans in place in the event they are hit by an attack.
“Do you have the right business continuity processes in place and how quickly can you get back up and running?” he asks. “Otherwise the consequences are you are going to be completely shut down and not able to do anything.”
According to its website, CDK works with more than “15,000 retail locations” and offers a “three-tiered cybersecurity strategy to prevent, protect and respond to cyberattacks.”