Blog

Safeguarding Your Software Supply Chain: Lessons from the CDK Global Cyberattack

AUTHOR

Kevin Lewis
Sr. Managing Director & CISO

The recent CDK Global Cyberattack sheds light on the importance of protecting your software supply chain. As a leading provider of software-as-a-service (SaaS) solutions for car dealerships, CDK Global’s operations were heavily affected, impacting numerous clients. By looking at the details of the CDK cyberattack and understanding, what a software supply chain attack entails, we can identify best practices for ensuring your organization’s security.

The CDK Global Cyberattack

On June 17, 2024, a massive cyberattack on CDK Global disrupted their operations, impacting over 30,000 car dealerships that rely on their software for essential operations. The attack compromised a third-party vendor that CDK Global used to deliver software updates to its clients, allowing the attackers to inject malicious code into the updates. This resulted in severe disruptions to CDK Global’s systems, putting their clients’ businesses at risk.

Understanding Software Supply Chain Attacks

A software supply chain attack targets the development, distribution, and update process of software components and applications. By compromising an element of the supply chain, attackers can manipulate or steal software, or use it as a means to deliver malware or ransomware to end users. These attacks are increasingly becoming more common and sophisticated, affecting large numbers of users and systems.

Best Practices for Protecting Your Software Supply Chain

  • Conduct regular security audits and assessments: Evaluate your software development and distribution processes, as well as your third-party vendors and partners. Address any vulnerabilities and adhere to industry best practices for security and quality.

  • Adopt a comprehensive and layered security strategy: Implement encryption, authentication, authorization, monitoring, logging, and incident response measures. Utilize security tools such as code signing, software integrity verification, malware scanning, and endpoint protection.

  • Strengthen communication and collaboration with software suppliers and customers: Ensure transparency regarding changes, updates, or issues, and verify the authenticity of software received or delivered. Encourage your partners to follow software supply chain security best practices and report any suspicious activities.

  • Create a robust backup and recovery plan: Regularly back up your software and data to a secure, separate location, and test recovery capabilities. Have a contingency plan in place for software supply chain attacks, including isolating affected systems, restoring software and data, and notifying stakeholders and authorities.

 

 

The CDK Global Cyberattack highlights the critical need for robust software supply chain security. Organizations that adhere to best practices can diminish the potential impacts of such attacks and safeguard their assets. Navigating the complex landscape of cybersecurity is essential in ensuring a secure software supply chain. Building strong relationships with experienced cybersecurity experts is crucial, as they can provide valuable guidance and support.

Understanding and addressing the challenges of cybersecurity are vital for businesses. A secure software supply chain can help a businesses focus on value creation and ensure growth during digital transformation. If you want to learn more about how to protect your software supply chain and navigate the challenges of cybersecurity, E78 has a robust suite of technology solutions to accelerate value creation and drive growth for your business.

Share

Meet the Author

Kevin Lewis
Sr. Managing Director & CISO