CDK and CrowdStrike: Are your vendors putting you at risk?

What do you do when a service or platform that your organization relies on goes down?

The recent chaos caused by problems with CDK and CrowdStrike highlights the need to be mindful of risks caused by third-party vendors. It’s also a reminder of why having a contingency plan in place before an outage or attack occurs is key to any organization’s response.

The two issues stemmed from different root causes.

In CDK’s case, a ransomware attack left dealers that account for around 70% of the U.S. car market scrambling to do deals with nothing more than paper forms and phones. Thrown back to 1983, the dealers muddled through, but not without significant disruption, which is still being felt. There was little else the affected dealers could do given how much they rely on CDK’s platform.

When it comes to CrowdStrike, the cause has been reported as simply a bad update. But an underbaked piece of code crippled the developed world’s economy. Delta Air Lines alone has reported losses of $500M due to the issue.

The two incidents had different causes, yet both forced large and visible chunks of the economy to grind to a complete halt because of a software issue.

It doesn’t matter what the cause is; two questions need to be answered.

If one of your vendors or IT systems goes down, are you prepared with contingency plans and procedures to keep operations running?

Have you vetted your vendors and assessed the risks that they could pose to your organization?

If you have questions about IT security and the evolving threat landscape, call ITPAC today.