"We look forward to leveraging our operating capabilities to build on the Company’s track record of providing best-in-class customer service and innovation," they said. At the time of Brookfield's $8.3B all-cash acquisition of CDK Global only two years ago, the merger was one of the largest the automotive sector had ever seen. At the time, antitrust concerns were silenced as the parent company is a diversified multinational and not subjected to monopolistic accusations. Yet, over the past month, the Toronto-based conglomerate had a tough time reportedly negotiating with extortionists in a bid to pay an enormous ransom that would release a global chokehold put on the automotive parts sector for about two weeks.
A gang of cybercriminals apparently behind the BlackSuit ransomware has sent an entire industry sector back to relying on pen and paper to continue operations. As up to 30,000 car dealerships, garages and other logistics firms in 100 countries held their breath in hope of a solution, we observed a few points of failure that likely mean that we will see this situation rear its ugly head in the not-too-distant future:
- Publicly funded studies need to identify single points of failure within integrated supply chains that represent a disproportionate economic risk, technological bottleneck or opportunity for adversaries to launch availability attacks.
- Enterprise-class organizations should be responsible for complying with business continuity planning, disaster recovery and incident response testing standards requiring preparedness on a global scale.
- Recovery and mitigation costs are vastly larger than the ransoms themselves, requiring proper accounting for the costs of downtime, data loss and reputational damage, particularly if associated risks are to be partially transferred to cyber insurance policies.
So now that the sector is recovering from a traumatic few weeks that saw employee hours manually recorded on paper and phone orders scribbled onto Stick It notes, can the harm be quantified? Probably not. Aside from the cascading confidentiality, privacy and ancillary recovery costs, this is a trillion-dollar industry whose convulsions were witnessed by the public in real time. It makes sense that politicians, lawyers and corporate leaders take a moment and think about the big picture, because it's not pretty.
Ransomware used to victimize grandparents to the tune of hundreds before moving to small and mid-size businesses that were extorted out of hundreds of thousands of dollars as recently as 2021, the year before the Brookfield CDK mega-merger. Last year, Canadian companies that did report paying ransoms indicated that the average amount had ballooned to $1.3 million. With demands of $25 million (London Drugs) and now (reportedly) into the hundreds of millions, we can surmise that this is a sign of the times. But it's more than that: it's the relentless pursuit of scale that forces organizations to become global behemoths that drive (pun intended) entire industry sectors and will soon represent serious dependencies for national economies as a whole.
Fundamentally, breaches are more devastating today than before due to several obvious reasons:
- Digital Dependency: Organizations increasingly rely on digital technology for operations, expanding their vulnerability to cyberattacks. As businesses digitize more of their processes, their attack surfaces broaden, making it harder to defend against threats.
- Sophisticated Attacks: Modern cyberattacks employ advanced techniques like ransomware and phishing. These attacks are more targeted and capable of bypassing traditional security measures, causing extensive damage.
- Interconnected Systems: The complexity and interdependence of IT systems mean that a breach in one system can disrupt entire sectors. For instance, the recent CDK Global cyberattack impacted 15,000 auto dealerships, disrupting sales, financing, and maintenance services, showcasing how interconnected systems can amplify the effects of a single breach.
- Lower Barriers to Cybercrime: The availability of cybercrime tools and services has lowered the barrier to entry for attackers. This democratization of cybercrime means more frequent and varied attacks, impacting a wider range of businesses.
- Human Element: Human error remains a significant factor, with phishing and weak password practices being common vulnerabilities that cybercriminals exploit.
- Economic and Regulatory Impact: The financial and legal consequences of breaches are severe, including regulatory fines and the cost of incident response and recovery.
The CDK Global cyberattack exemplifies these issues, as it disrupted thousands of dealerships across North America, leading to significant operational and financial challenges for the affected businesses. More critically, it is increasingly likely that entire supply chains and industries could be paralyzed - perhaps on a recurring basis - by monumental cybersecurity breaches similar to the historic CDK Global incident, due to:
- Interconnectivity: Modern supply chains are highly interconnected, meaning a breach in one company can have cascading effects throughout the entire chain.
- Complexity: The complexity of digital ecosystems increases vulnerability to sophisticated attacks that can disrupt multiple facets of operations.
- Dependency on Technology: Heavy reliance on digital systems for critical operations makes industries more susceptible to disruptions caused by cyberattacks.
- Sophisticated Threats: Cybercriminals are using advanced techniques that can target key systems and infrastructure, causing widespread damage.
Proactive measures, including robust cybersecurity practices, regular updates, and comprehensive incident response plans, are only going to get us so far, but they remain absolutely essential for mitigating these risks and protecting against significant disruptions that can have cascading effects even beyond what we have seen with the Colonial Pipeline and the CDK Global events.