Understanding the CDK Global Hack: A Case Study in Security Failures
When private equity firms take over, the first thing often compromised is security, as it starts to be seen as an unnecessary expense. CDK Global, once a strong company, fell victim to such a scenario, demonstrating critical vulnerabilities when faced with a cyberattack.
Key Points on CDK's Security Failures:
- Backup Failures:
- The lengthy recovery time suggests a lack of reliable backups.
- If backups exist, they are either outdated or untested, which is as ineffective as having no backups at all.
- There appears to be a lack of knowledge on how to restore from backups.
- Disaster Recovery Deficiencies:
- There is either no disaster recovery plan in place, or if there is one, it is so outdated that it is practically useless.
- The infrastructure contains multiple single points of failure.
- Compromise Awareness:
- There seems to be a lack of awareness about the extent of the compromise.
It is reported that CDK paid $25 million to end the attack. This raises concerns about the hackers' continued access to the system. Could they still be collecting data, preparing for another move?
Recommendations for Dealerships
In my opinion, dealerships should consider developing their own systems and reducing reliance on third-party companies. The breach might have been avoided if CDK had fully implemented Zero-Trust methods.
Zero-Trust Environment:
- In a Zero-Trust setup, it is assumed that the network is already compromised, and only trusted applications are allowed to run.
- Application whitelisting would have stopped the attack by preventing any unapproved application, such as ransomware, from executing.
Importance of Preparedness
The attack on CDK highlights the necessity for businesses to be prepared for any eventuality. All businesses should have a validated Contingency Operations Plan in place:
- Dealerships that had an offline process could continue operations, selling and servicing vehicles despite the attack.
- Those without a plan suffered significant disruptions.
By understanding and addressing these points, businesses can better protect themselves from similar attacks in the future.