What did we learn from the CDK and CrowdStrike Incidents?

A massive data breach rendering thousands of car dealerships offline and a flawed update crashing millions of Windows systems around the globe… just 31 days apart. The damage amounted to over $6 billion in financial losses for the affected businesses.  
 
With several months between now and then, what have we learned from the CDK and CrowdStrike incidents? What could have been done to prevent or mitigate the damage from these events? 
 
Chris Olson, IT Director at Catalyst IT, participated in a round-table discussion to share lessons learned from the CDK Hack and the CrowdStrike crash. Watch the discussion for tips and ideas on best practices, good security hygiene, emergency drills, and more! 
 
Chris was joined by: 
David Reimherr, Terminal B out of Austin, Texas 
Ed Burton, ThinkTech Advisors out of Raleigh, North Carolina 
Kevin Kilpatrick, Kilpatrick IT out of Merrimack, New Hampshire. 
 
Watch the full, uninterrupted discussion here:


 

The CDK Hack 

As we wrote about in June, CDK Global was hit by two breaches in two days. CDK Global is a Software-as-a-Service (SaaS) platform that provides a full suite of software solutions for car dealership operations from service and support to sales and finance.   
The disruption forced the 15,000 car dealerships it serves offline. 
 
CDK’s software integrates deeply with client networks, often running directly on user machines, requiring dedicated network equipment for communication. This tight coupling created a potential attack surface for ransomware aimed at CDK to spill over and impact client systems.  
 
The severity of this risk for individual businesses depended on the extent of CDK’s control within their environment. Businesses with high levels of access granted to CDK software and deeper system integration faced a greater potential for disruption.   
CDK was forced to pay $25,000,000 in ransom to the hackers in order to recover data and get their systems back online. 

The CrowdStrike Crash 

On July 19th, 2024, millions of Windows systems went dark due to a flawed update that CrowdStrike pushed out to systems running its software. Millions of business operations and critical services were disrupted; some airlines were even grounded, forcing hundreds of flights to be cancelled. 
 
CrowdStrike identified and deployed a corrective update within an hour and a half of the crash. However, every system had to be manually rebooted and updated to restore operations.  
 
CrowdStrike had to testify before the U.S. House of Representatives and faces a litany of lawsuits in the aftermath. 

What did we learn? 

As the IT experts discussed each incident in depth, they each shared and elaborated on lessons learned. 

   1. Don’t put all your eggs in one basket 

Chris Olson highlighted that the companies that were impacted the worst by these incidents also relied the most on CDK or CrowdStrike.  

Kevin Kilpatrick agreed and said, “If you’re dependent on any cloud application, say it’s accounting, download P&Ls and balance sheets every week, or every month at least. If you don’t even have access to your P&L or any of your accounts receivable, you don’t even know who owes you money.” 
 
   2. Develop an incident response plan 
 
Chris Olson explained that these incidents have exposed weaknesses in emergency planning: “A lot of businesses didn’t have any incident response plans. They had no alternative route to take. Not having processes and procedures was a big vulnerability that came out of it.”  
 
Ed Burton added, “Create a plan and have a real thoughtful process around if this is out, what are we going to do? Agree on ‘this is how we’re going to operate when the system goes down’, because as we’ve seen, it certainly can.” 
 
Kevin elaborated further, explaining that the owner or a few department heads cannot plan this alone: “Every department head has to be involved. ‘What happens if we lose this? What do we need ahead of time? Do we need pre-written spreadsheets? How do we log data properly until our software comes back on?’” 
  
Chris stressed that having a plan is crucial, but reviewing it routinely is just as critical. 
 
   3. Prepare for all scenarios, not just the ideal scenario 
 
Perhaps more important than preparing for a disaster? Preparing for the disaster behind the disaster. 
 
“What happens if the backup fails? We have to ensure we have a backup of the backup,” Chris Olson said. “You have to put your seatbelt on before the accident, not when you’re going through the windshield.” 
 
Are you seeking more advice, or want to hear more about the lessons we have learned from CDK and CrowdStrike? You can find much more in the full, uninterrupted round-table discussion right here!  

What’s the best way to know if my data is safe? 

A risk analysis is the best step you can take to ensure your technology is in good hands. Contact Catalyst IT for an expert analysis that will uncover any vulnerabilities you don’t know about. 
 
Call Catalyst IT here: (877) 843-9611 or reach out here.