Lessons Learned from the CDK Hack & CrowdStrike Crash
Welcome to another recording of Bits & Bytes, CEO Insights.
Today, we are joined by Chris Olson, IT Director of Catalyst IT out of Sioux Falls, South Dakota; Ed Burton, CEO of ThinkTech Advisors out of Raleigh, North Carolina; and Kevin Kilpatrick, President of Kilpatrick IT out of Merrimack, New Hampshire.
Our discussion focused on the lessons of the CDK hack and the CrowdStrike crash, two incidents that left a significant mark on the technology world and offer key insights into cybersecurity, disaster preparedness, and risk mitigation.
In recent years, the tech world has witnessed numerous high-profile incidents that disrupted business operations across industries. Two notable examples, the CDK Global hack and the CrowdStrike crash, are stark reminders that even the most trusted technology companies can be brought down, whether by a breach or by a bad update of their own making.
The CDK Hack: A Wake-Up Call for Cloud Security
The CDK Global hack, a ransomware attack in June 2024, struck fear across the automotive industry. CDK is a leading provider of cloud-based dealer management software, used to run everything from accounting to inventory, sales, and service. When CDK took its systems offline in response to the attack, thousands of dealerships that depended on that software lost it for roughly two weeks and fell back to pen and paper.
The lesson here? No company, no matter how trusted, is immune from a security breach. As Kevin pointed out, “CDK is a huge company, originally known as ADP, dating back to 1973. They were a trusted provider, but even they weren’t prepared for this.” CDK reportedly paid a ransom of about $25 million; the reporting at the time tied the payment to CDK being unable to restore its systems on its own.
Blind trust in vendors is dangerous. The incident underscored that companies cannot blindly trust any vendor, however reputable. Businesses should research their partners, review the vendor’s security and recovery commitments regularly, confirm that their own data can be exported and kept somewhere a vendor outage cannot reach, and never assume that a large organization is invincible.
Safeguarding Cloud-Based Applications
With more businesses moving to the cloud, hosted applications have become prime targets. Ed reflected on this trend: “It seems like a lot of focus has been turned towards that from the hackers.” Today it is not just email that is under attack; everything from login credentials to cloud-based accounting software is being targeted.
That means businesses must protect the entry points to those applications now. Multi-factor authentication on every cloud login (phishing-resistant methods such as security keys or passkeys where the application supports them), prompt patching, and removal of accounts that are no longer needed go a long way toward safeguarding sensitive data. Having these measures in place is not enough on its own; companies must audit and strengthen their security posture regularly to stay a step ahead of attackers.
The Importance of Backup and Disaster Recovery Plans
One of the most important takeaways from the CDK incident is the need for regular data backups. As Kevin emphasized, “If you lose access to even basic financial information, like who owes you money, that’s a potentially business-ending situation.” The CDK hack caused serious operational delays for dealerships that had no access to their own financial data during the outage.
Businesses should regularly back up essential records such as profit and loss statements, accounts receivable reports, and client data. Whether the copies are printed or electronic (an Excel export is enough), they are vital for keeping the business running during an incident. One caveat: the copies must live somewhere the primary system, and whoever compromises it, cannot reach, such as a separate account or offline media. Ransomware that encrypts the live data will just as happily encrypt a backup sitting on the same file share.
The host asked about automating this: “Can something like this also be put into rules and regulations where it can just happen on a weekly, daily, or monthly basis?” Kevin confirmed that in most cases, backups can indeed be automated. Automation is only half of it, though: a scheduled job can fail silently for months, so regular checks should confirm that the job ran, that the files are intact, and that a restore actually works.
Lessons from the CrowdStrike Crash: More than Just a Software Glitch
The CrowdStrike crash was not the result of hacking but of a defective update. On 19 July 2024, CrowdStrike, best known for its cloud-managed Falcon endpoint security platform, pushed a faulty content update to its Falcon sensor that crashed Windows hosts into a blue screen and boot loop. While it was not a malicious attack, the consequences for businesses running CrowdStrike were severe, with airlines, hospitals, banks, and retailers among those knocked offline.
Ed explained the issue in greater detail: “The update was auto-distributed across many systems and ended up rendering them inoperable. This wasn’t a hack, but the impact on businesses was just as severe.” The incident reinforces that even the most established vendor does not deserve unconditional trust. The sensor runs with kernel-level privileges, so a bad update took the whole machine down with it, and recovery meant someone booting each affected host into safe mode to remove the faulty file by hand. A routine update becomes a disaster when it is not properly tested and staged before it reaches every machine at once.
Avoid the “All Eggs in One Basket” Trap
One of the central lessons from both the CDK hack and the CrowdStrike crash is that businesses should never place all their eggs in one basket. As Chris emphasized, “Don’t have full dependency upon a single piece of software.” When companies rely solely on one solution, they become vulnerable to catastrophic failure if that solution is compromised or experiences downtime.
Diversifying providers where it is practical, reviewing systems regularly, and maintaining business continuity plans are all critical to reducing single-vendor risk. The CrowdStrike crash, for example, required hands-on recovery of every affected Windows machine; organizations that ran some critical systems on a platform the update did not touch had a smaller problem to clean up. Insist, too, on the ability to stage a vendor’s updates across rings of hosts rather than having every machine take them simultaneously. Note that running two endpoint security agents side by side on the same host is not the answer, since they tend to conflict with each other; diversification means spreading dependencies, not doubling them.
Business Continuity and Disaster Recovery Planning
Both incidents highlighted the need for comprehensive disaster recovery and business continuity planning. As Kevin pointed out, “Whether it was CDK or CrowdStrike, if the system is down and inoperable, the impact on the business is the same.” Companies need to have a plan in place for dealing with downtime—whether it’s caused by hacking, a system crash, or even a poorly executed update.
To achieve this, businesses must:
- Inventory critical applications and processes. Identify the most essential applications and decide, for each, how long the company can function without it (its recovery time objective) and how much data it can afford to lose (its recovery point objective).
- Back up critical data regularly. Kevin recommends regularly downloading reports and documents like profit and loss statements and client data, so the business can keep operating even if access to the primary systems is lost.
- Test the plan regularly. Simply having a disaster recovery plan isn’t enough; it must be tested and updated. Run “fire drills”, including an actual restore from backup, so the plan is known to work before it is needed.
- Prepare for multiple scenarios. Not every incident has an immediate fix, so plan for the worst case: extended downtime, and how essential operations keep running in the meantime.
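The automation and verification the panel called for (Kevin’s point that automated backups still need regular checks, and the inventory, backup and test items in the list above) can be made concrete. The script below is an added example written for this recap, not code from the panelists or Terminal B. It assumes a small inventory of critical applications with constructed file names and recovery point objectives, copies each inventoried export into a timestamped snapshot with a SHA-256 manifest, verifies a snapshot by re-hashing its files and rehearsing a restore into a scratch directory, and flags any application whose newest snapshot is older than its tolerance. The sample reports created in run_demo are constructed stand-ins for real exports.

```python
"""Automated backup with integrity check, restore rehearsal and RPO check.
Added example for this recap, not code from the panelists or Terminal B;
the inventory, file names and tolerances below are constructed."""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

# Constructed inventory: the exports belonging to each critical application and
# the maximum age in hours the business accepts for its newest good copy (RPO).
INVENTORY = {
    "accounting": {"files": ["profit_and_loss.xlsx", "accounts_receivable.csv"], "rpo_hours": 24},
    "crm": {"files": ["clients.csv"], "rpo_hours": 72},
}


def sha256_of(path):
    """Hash a file in chunks so large exports need not fit in memory."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source, dest_root, now=None):
    """Copy every inventoried export into a timestamped snapshot, confirm each
    copy matches its source, and write a SHA-256 manifest. Returns the path."""
    now = time.time() if now is None else now
    snapshot = Path(dest_root) / time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    snapshot.mkdir(parents=True, exist_ok=False)
    manifest = {"created": now, "files": {}}
    for app, meta in INVENTORY.items():
        for name in meta["files"]:
            shutil.copy2(Path(source) / name, snapshot / name)
            digest = sha256_of(snapshot / name)
            if digest != sha256_of(Path(source) / name):
                raise IOError(f"copy of {name} does not match its source")
            manifest["files"][name] = {"app": app, "sha256": digest}
    (snapshot / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return snapshot


def verify_backup(snapshot):
    """Return a list of problems (empty means healthy). Every manifest hash is
    recomputed, then the intact files are restored into a scratch directory and
    hashed again: a backup that has never been restored is a hope, not a plan."""
    snapshot = Path(snapshot)
    if not (snapshot / "manifest.json").exists():
        return ["manifest.json missing"]
    manifest = json.loads((snapshot / "manifest.json").read_text())
    problems, intact = [], []
    for name, meta in manifest["files"].items():
        if not (snapshot / name).exists():
            problems.append(f"missing: {name}")
        elif sha256_of(snapshot / name) != meta["sha256"]:
            problems.append(f"hash mismatch: {name}")
        else:
            intact.append(name)
    scratch = Path(tempfile.mkdtemp(prefix="restore-test-"))
    try:
        for name in intact:  # restore rehearsal, the "fire drill" for backups
            shutil.copy2(snapshot / name, scratch / name)
            if sha256_of(scratch / name) != manifest["files"][name]["sha256"]:
                problems.append(f"restore mismatch: {name}")
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
    return problems


def rpo_violations(snapshot, now=None):
    """Map each application whose newest snapshot is older than its RPO to that
    snapshot's age in hours. A job that quietly stopped running shows up here."""
    manifest = json.loads((Path(snapshot) / "manifest.json").read_text())
    age_hours = ((time.time() if now is None else now) - manifest["created"]) / 3600
    return {app: round(age_hours, 1) for app, meta in INVENTORY.items()
            if age_hours > meta["rpo_hours"]}


def run_demo():
    """Run the functions on constructed sample exports and return the results."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    source, dest = root / "exports", root / "backups"
    source.mkdir()
    # Constructed stand-ins for the real accounting and CRM exports.
    (source / "profit_and_loss.xlsx").write_bytes(b"PK\x03\x04 constructed P&L workbook")
    (source / "accounts_receivable.csv").write_text("customer,owed\nAcme,1200\n")
    (source / "clients.csv").write_text("name,email\nAcme,ap@acme.example\n")
    created = 1_720_000_000  # fixed timestamp so the demo is repeatable
    snapshot = make_backup(source, dest, now=created)
    results = {"clean": verify_backup(snapshot)}
    # Simulate silent corruption, or ransomware reaching the backup share.
    (snapshot / "accounts_receivable.csv").write_text("customer,owed\nAcme,0\n")
    results["tampered"] = verify_backup(snapshot)
    results["fresh"] = rpo_violations(snapshot, now=created + 6 * 3600)
    results["stale"] = rpo_violations(snapshot, now=created + 48 * 3600)
    shutil.rmtree(root, ignore_errors=True)
    return results


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Schedule make_backup and verify_backup together (cron, Task Scheduler, or the backup tool’s own post-job hook) and alert on a non-empty problem list or a non-empty RPO dictionary; a job that silently stopped running then surfaces as an RPO violation instead of going unnoticed until the day the data is needed. Replace the constructed inventory with your own exports and tolerances, and keep the snapshot directory on storage the production systems cannot write to.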
Preparation is the Best Defense
Both the CDK hack and the CrowdStrike crash serve as critical reminders that no company is immune to failures—whether they come from malicious hackers or flawed software updates. The best way to mitigate these risks is through comprehensive planning, regular backups, and a healthy dose of skepticism. As the panel concluded, “The time to prepare for an accident is before it happens.”
It’s not about if something will go wrong, but when. Companies that prepare adequately, diversify their software providers, and develop solid disaster recovery plans will be in a much better position to weather these inevitable storms.
Building a Future-Proof Cybersecurity Strategy
Terminal B believes in a proactive approach to cybersecurity. By anticipating potential challenges and updating our strategies, we ensure your business remains resilient against cyber threats. Our solutions protect against current threats and prepare you for future challenges.
To learn more about how we can help your business stay secure and compliant, visit our dedicated services page. Our team at Terminal B is committed to providing top-notch cybersecurity solutions that meet your specific business needs. We’re here to help you navigate the complexities of digital security with confidence and ease.