CDK Hack: A Wake-Up Call for Car Dealerships

Why the Dealership Ecosystem Needs an OpenAPI Standard to Limit Future Damage

The recent cyberattack on CDK Global, a major provider of software solutions for automotive dealerships, has significantly disrupted operations across the United States. CDK serves over 15,000 dealerships in North America, and the attack, which began on June 19, 2024, forced the company to shut down its systems as a precaution. This shutdown has left many dealerships unable to access critical systems needed for sales, financing, and service operations.

The impact of the attack has been profound, with more than half of US car dealerships affected. Many dealerships have had to revert to manual processes, using pen and paper for transactions and appointments. Some have even sent employees home due to the inability to conduct business as usual.

Cybersecurity is an increasing problem for all businesses, and some say that total prevention is close to impossible. With the total worldwide cost of cybercrime estimated to reach $9.5 trillion in 2024, it is an unavoidable issue that every car dealership must confront. But what can a dealer do to prevent hacking attempts or mitigate their impacts?

Diversification

Created as a DMS (dealer management system), CDK Global has grown into a diversified suite of automotive solutions that can be used in almost all digital interactions within the dealership. The problem for many of the 15,000 affected dealerships is that they have employed CDK solutions in all aspects of their business, so this attack has crippled their operations. Like any good investment strategy, it pays to be diversified, and good software risk mitigation involves ensuring that your customer touchpoints are not all consolidated with any one vendor or security protocol. While one could argue that this increases the number of potential entry points, the effects of a breach are limited to that one service.

The Problem with Vendor Consolidation

So why are dealers increasingly consolidating their vendors? It has been a growing frustration for dealers that their myriad software solutions are siloed and don’t communicate with each other, leading to lost productivity and the loss of consolidated customer oversight. CDK has been promoting its end-to-end solution as the answer to this issue. However, the solution isn’t vendor consolidation but rather an OpenAPI framework where dealership vendors can seamlessly communicate with each other with the dealership’s permission.

The Need for an OpenAPI Framework

Some DMS providers claim they are creating OpenAPI for the benefit of dealers, but DMS providers hardly have a good record of sharing data without gouging dealers or vendors. The industry needs an OpenAPI framework. Maybe Drivible should create it? An OpenAPI standard would allow diverse systems to communicate and integrate without compromising security. This approach not only enhances operational efficiency but also mitigates risks associated with vendor lock-in and single points of failure.

Conclusion

The CDK hack is a stark reminder of the vulnerabilities inherent in relying too heavily on a single vendor for all dealership operations. By adopting an OpenAPI framework, dealerships can create a more resilient and flexible system architecture that can withstand future cyber threats and ensure continuity of service. The future of dealership operations lies in interoperability, enhanced security measures, and strategic diversification of software solutions.

By implementing these strategies, the dealership ecosystem can better protect itself against cyberattacks and minimize the operational disruptions that such incidents can cause.

The Drivible Team