4 questions answered about the software cyberattacks affecting car dealerships

www.pbs.org

For prospective car buyers, it's meant delays at dealerships or vehicle orders written up by hand.

CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations.

For prospective car buyers, that’s meant delays at dealerships or vehicle orders written up by hand. There’s no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.

13 comments
  • Maybe I'm being silly because I'm not in IT, but it would seem to me that one of the ways to avoid this sort of thing happening would be a diverse array of software to choose from rather than everyone using the same one. I don't think compatibility should be an issue any more than it is for OpenOffice to be able to open Microsoft Word files. We're not generally talking about complex interactions here, are we? It's usually database info that can't be accessed, isn't it? But I don't hear about diversification as a solution.

    Please do explain to me what I'm missing because I feel like I'm missing something.

    • Ah we cross paths again..

      diverse array of software

      Nope the bosses want us to use one of the largest platforms because those are the best supported… usually

      Also security; in many places, IT is a cost rather than being seen as an investment… car dealers want a nice building because that attracts people— fsck IT, it doesn’t attract people to buy cars…

    • All major car franchises have their own systems. I've been away from car dealerships for a while now but they all use similar systems and for the most part the cheapest service is always the choice. The dealerships all have differing but competent standards when dealing with connections to the corporate headquarters, but everything else is a crapshoot of poorly considered decisions driven by cost and only cost. Not that the hole that the crooks used was probably through a dealership, but it's possible since I know how obtuse certain groups are at dealerships.

    • There are a lot of industries that have niche software needs. It's hard for a competitor to break in because the market is only so big and it's better to have something standard and time tested.

      Interoperability is often limited to a one-time database migration, and often requires a specialist to do a lot of the transfer manually.

      I don't know if that's the case with this software because it's not my industry, but I've dealt with similar issues. You'd be surprised how much of the world still runs on AS/400

    • It's the same problem with every other monopoly. Everyone wants it, both shareholders and customers. It's objectively more efficient to standardize on the same equipment or software, train workers on it. It's better for workers too since their skills are transferrable. It's only bad when the negatives show up, such as price gouging by the shareholders, or them cutting corners in quality or security. But my point is that not going with a single vendor isn't free on all sides of the equation, it requires work, which is why on average we tend to prefer monopolies even as consumers.

      To put it bluntly, I really don't want to have to think about grocers' profit margins and prices after having worked 9 hours. I just want to get fucking eggs and bread from the store nearby. I don't want to drive or bus ride to another one. It won't happen. And that's why it doesn't. The assumptions about the individual (constantly shopping around for the best price) in the mainstream microeconomic theory are just wrong. This translates into small businesses (not only) shopping for their dealer sales software system.

    • I was about to comment similarly.

      This is why I always advocate against cloud and "always connected" services for critical line-of-business software (and software for personal use, but that's a slightly different but also similar argument).

      I'm unclear if CDK is a cloud service that's offline for customers, but it sure sounds like it. The other possibility is a supply-chain attack which affected local installs, such as what happened with SolarWinds a few years ago, but with that many dealerships being simultaneously affected by CDK shutting down their systems, it seems more like the former.

      one of the ways to avoid this sort of thing happening would be a diverse array of software to choose from

      In an ideal world, that would be the case. But as is often the case with niche business software, there's usually only a few players (if that many), and any newcomers are either bought out or can't compete.

      • Isn't that monopolistic though? I realize this is a pipe dream, but wouldn't it be theoretically possible to use the law to stop that?

        • I don't know much about the market for car dealership software, but I work for a non-profit that deals with environmental remediation. Finding LOB software that meets our needs is an absolute nightmare because it's so niche. What we can find is either crazy expensive, doesn't do what we need it to do, is from some terrible fly-by-night vendor, or some combination of those. So when you do find something that mostly meets your needs, you pretty much have to take what you can get.

          The government can incentivize or contract out companies to write software, but AFAIK, they can't compel any company to do so. IANAL, but I would also assume they'd need to stop approving any M&As that may be contributing to market consolidation.

          You basically nailed it with "pipe dream".

          • I guess the only other option would be for the companies to write the software themselves, which they don't have the time or the money to hire people to do, I'm sure.

            • Right.

              In reality, we'd end up with about a million Access "databases" (or Excel files) getting emailed around, lost, stolen, corrupted, etc (ask me how I know that lol).
