What's Hoppening

Beyond Shiny Objects: Why Cybersecurity Matters to Dealers & Vendors

Written by Kyle McCracken | Jun 21, 2024 7:23:23 PM

A Message from our CEO, Kyle McCracken:

What a trying time for dealers, shoppers, and CDK because of this hack.

In my prior life, I architected and deployed solutions that facilitated business for Fortune 10 to start-up companies with keeping three primary focuses at the forefront (1) Is it secure? (2) Is it scalable? and (3) Is it robust? There’s actually a fourth focus that many companies still view as optional (not saying this is the case here, but): Can it fail-over? Fail-over is basically, if you have Server A that is conducting business and it goes down, you have Server B that facilitates your business if there’s a disaster (aka a hack). Most importantly, you have an application & server architecture that’s extremely resilient…offline back-ups that can be restored that are next to real-time, servers hosted in a totally different region, virus/malware scanning, source code vulnerability testing, protecting source code, penetration testing, etc.

From my experience, companies often lose focus and/or put off the necessary because other things become a priority (aka shiny coins) and/or it’s just old architecture/coding that’s going to cost time/money to update and/or it’s not thought about and/or it’ll never happen to us…the list goes on. Most of the time it’s unintentional.

One thing is for sure, dealers are resilient! They’re figuring out how to do things without the tech. That’s what dealerships do! Let’s go!!! But should they have to in this day and age? Should any company?

A few things come to mind during this event…everyone can take note.

  1. The importance of cyber security and education.
  2. The importance of investing in application and server code updates/upgrades.
  3. The importance of having a fully redundant Disaster Recovery Architecture and Plan, which means you can run your business if your primary servers/apps go down...and testing.
  4. The importance of knowing stuff can and will happen, eventually.

I’ve seen many people out there think customer data was compromised. It’s too early to tell without scouring through tons of logs (e.g. networking, server). Often PII (e.g. Personally Identifiable Information such as SSN or email) has specific rules on how companies handle that data within their app (e.g. anonymous userIDs, encrypted SSN), so even if your data is stolen, hackers don’t really have access to your raw SSN. I’m not saying this is the case here, but often that’s the case.

In the meantime, our iFrog Team is helping our dealer partners get through this difficult time. Hopefully, this resolves soon!
View full post