A recent cyberattack on software provider CDK Global impacted car dealerships across the United States. CDK confirmed the company took swift action, shutting down most of its systems “out of an abundance of caution” for customers and restoring its core document management system and digital retailing solutions quickly thereafter.

Extensive Testing and Updates

“We are continuing to conduct extensive tests on all other applications,” a company spokesperson stated in a media communication. Despite the disruption, CDK remains committed to ensuring the security and functionality of its services.

CDK Global’s Role

CDK Global is a leading provider of cloud-based software for car dealerships nationwide. Their software assists dealerships in managing various aspects of their operations, including vehicle acquisitions, sales, financing, insurance, repairs, and maintenance. Notably, CDK offers a robust “three-tiered cybersecurity strategy” designed to prevent, protect, and respond to cyberattacks.

Why Car Dealerships Are Targeted

The recent incident at CDK Global is part of a broader trend. Just recently, Findlay Automotive Group, which operates in five states, also fell victim to a cyberattack. The Las Vegas Review-Journal reported the attack significantly impacted the group’s ability to conduct sales and service. A 2023 report from CDK sheds light on the growing threat faced by car dealerships. Of the 175 surveyed dealers, 17% experienced a cyberattack or incident within the past year—a notable increase from the previous year’s 15%. Alarmingly, 46% of those affected reported negative financial or operational consequences.

Not a Hard Sell

Why are car dealerships so appealing to cybercriminals? The answer lies in the treasure trove of sensitive customer data they hold. From credit applications to financial information, dealerships are repositories of valuable data. Additionally, dealership systems often connect to external interfaces and portals, including external service providers. Unfortunately, many dealerships lack basic cybersecurity protections, making them vulnerable to attacks. As the automotive industry increasingly relies on digital systems, safeguarding against cyber threats becomes paramount. CDK Global’s experience serves as a stark reminder of the importance of robust cybersecurity measures for all businesses, especially those handling sensitive customer information.

Strengthening Cybersecurity: The Role of Training and PhishingBox Solutions

In the wake of the recent cyberattack on CDK Global, it’s crucial to recognize robust cybersecurity measures extend beyond software and firewalls. Education and awareness play a pivotal role in safeguarding businesses against threats. Here’s why:

  1. Cybersecurity Training and Awareness Programs - Knowledge Is Power

    • Employee Training: Regular training sessions empower employees to recognize potential threats. They learn to identify phishing emails, suspicious links, and social engineering tactics. By fostering a security-conscious culture, organizations can significantly reduce the risk of successful attacks.
    • Best Practices: Training programs should cover best practices such as strong password management, secure browsing habits, and safe use of company devices. When employees understand their role in maintaining security, they become active participants in the defense against cyber threats.
  2. Leave it to PhishingBox

PhishingBox offers a comprehensive suite of solutions designed to combat phishing attacks and enhance security awareness:

  • Phishing Simulations: PhishingBox allows organizations to simulate real-world phishing attacks on their employees. These controlled exercises help assess vulnerability and provide valuable insights into areas for improvement.
  • Interactive Training Modules: Engaging training modules educate employees about phishing techniques, red flags, and safe practices. Topics include email security, social engineering, and password hygiene.
  • Reporting and Analytics: PhishingBox provides detailed reports on user performance during simulations. Organizations can track progress, identify trends, and tailor training accordingly.
  • Customizable Content: Organizations can create custom phishing scenarios relevant to their industry or specific threats they face.
  1. The Human Element

Remember, cybercriminals often exploit the human element—the weakest link in any security chain. By investing in training and awareness, businesses empower their teams to be vigilant and proactive with comprehensive human risk management.


As CDK Global recovers from the recent attack, let’s learn from their experience. Cybersecurity is a collective effort involving technology, processes, and people. Implementing training programs and leveraging solutions like PhishingBox can significantly enhance an organization’s resilience against cyber threats.