On today’s show, we’re pleased to welcome Dean Crutchfield, Executive Vice President and Chief Information Officer at CDK Global.
Jim Fitzpatrick: Hi everyone. I’m Jim Fitzpatrick. Thanks so much for joining me on another edition of CBT News. We’re so happy to have with us, Mr. Dean Crutchfield, who is the executive vice president and chief information officer at CDK Global to talk about a very important topic that affects everyone and especially you dealers out there. And that’s ransomware prevention. Welcome into the show, Dean.
Dean C.: Thank you Jim. Good to be with you today.
Jim Fitzpatrick: Sure. So let’s kind of jump right in here. What is a ransomware attack by definition?
Dean C.: Right. So this is where somebody who is unauthorized gets into your system, and the purpose of them getting into your system is to lock it down, right? So what they do is they generally change credentials or they lock files and encrypt the files that are in your system, essentially rendering your system inoperable, right?
Dean C.: So if you were to take a simple analogy, think of it like Jim, somebody comes to your house, you’re gone, they changed the locks. They haven’t given you a key, right? You can no longer get in your house. That’s what they’re doing. They’re doing it to extort money, right? From the group that they’ve attacked.
Jim Fitzpatrick: Wow. From what I understand, not a lot can be done about this, right? By the time they find the people that have caused this problem, they’re long gone.
Dean C.: Yeah. You’ve got kind of two options, hopefully. One is pay the ransom. Often a very difficult conversation and a very difficult decision.
Jim Fitzpatrick: Sure.
Dean C.: The other is to restore your system from backup. We can talk further about some of these mitigation control opportunities that you can exercise.
Jim Fitzpatrick: Sure. I think there was a story about… We’re here in Atlanta and the city of Atlanta was a victim of this and I think that they wanted, I don’t know, $100,000 or something like that. City of Atlanta said, “No, we are going to beat this. We’re going to…” It ended up costing them like $5 million plus in order to do just that. It took their system down for somewhat of a year in order to do it, but so it can really wreak havoc on a dealer’s business, right?
Dean C.: That’s correct. It can be very, very impactful. Right? As you said, right? It could be days, weeks or even months before a system can be restored to its full previous operation integrity, right? This is what’s so difficult and why people are now in some cases choosing to pay the ransom versus try to exercise a recovery operation.
Jim Fitzpatrick: Well, it seems to me that if you pay the ransom, then you’re almost setting yourself up for it to happen again. I mean, they know that you’re an easy target and you’re willing to pay.
Dean C.: Right? I think this is so important to the viewers today, right? The preparation, the time that you invest to prepare for these things and [put] yourself in a position to have a better and stronger control environment will help you prevent this possibility from occurring to your business.
Jim Fitzpatrick: Once someone determines that they’ve been attacked, what should be done?
Dean C.: Well, so there’s a few things that could be done, right? If we go back to the conversation about a backup, right? What we recommend is people have backups in place, right? That they have these in place and they store them off site, right? So one option if you are under attack and your system has been locked is to restore from backup, right? Restore your entire system. That could take days or weeks even, right?
Dean C.: Depending on how large the system is and how much has been actually encrypted or held hostage. Sometimes not all parts of the system are held hostage. It might be only a certain part, it might be the email system or it might be the financial system. So not always does a successful ransom attack occur that causes the entire system to be held hostage. It’s usually parts and portions of a system. So if you can determine what those parts and portions are, you can sometimes restore from a backup.
Jim Fitzpatrick: Sure. It seems to be big business out there, because very rarely do you hear about these people out there getting arrested and convicted for this kind of a crime, right?
Dean C.: Yeah. They’re very tricky as you say, Jim, right? So a lot of times these exploits are conducted through email, right? What’s called phishing, right? What happens often is these nefarious actors will take control of an email system at a dealer, for instance, right? We’ve seen this where dealers are running their own email systems, they haven’t protected themselves, they haven’t protected their email system sufficiently.
Dean C.: So the email system then becomes the way that the phishing attack and the ransomware is started, right? So if for instance, Jim, if you and I were emailing each other, right? We have a regular dialogue on email, what the nefarious actors will do is they’ll look for those conversations and they’ll do a reply all. Once they take control of your system, they’ll reply all or they’ll reply to Jim and it looks like it’s coming from me.
Dean C.: It’s very tricky often when they do this, right? It looks like a very legitimate email that you’re going to open and then maybe I’ve sent you a link or maybe I’ve sent you a file, you click on that link, you click on that file. That begins their process of now starting to exploit your system.
Jim Fitzpatrick: Yeah, so how is the risk reduced?
Dean C.: Good question, right? This is where we want people to really lean into this conversation, right? First of all, work with a reputable email provider, right? Especially if you’re a small dealer group, right? We recommend that you work with a third party email company that has what’s called a spoof or prevention of phishing, right? Technology, right? So they filter, they look for these things.
Dean C.: They protect their perimeters very effectively, often better than a small dealer group, for instance, can protect their own perimeter, right? They have the sophistication. They have the staff and the resources to protect that. So we recommend that, especially small dealer groups, go with a third party email system.
Dean C.: The second thing that we recommend is that you have a business continuity and disaster recovery plan, right? So a lot of dealers, we find don’t have these in place again and especially on the small scale. So you want to know what you’re going to do, you want to have a plan, right? That plan usually involves having a contract with an incident and event management firm.
Dean C.: These are [crosstalk] that are out there, the third party firms, you can put them on retainer and they provide forensic support. They also give you advice and counsel on how to keep yourself protected. They’ll do training with your staff. They have other programs like, “I’ll do test phishing against your community. So I’ll send you Jim, a test phish to see if you click on it. If you click on it, I’m going to ask you to go to some training or I’m at least going to have a conversation with you, right?”
Dean C.: To say, “Hey Jim, your behavior might not be in line with our expectations here. We want you to be really careful on these clicking.” The third line of defense would be malware protection, right? So every endpoint computer normally, but phones as well. The endpoints like computers especially that are connected to the internet or to systems that have access to the internet should have a malware protection program on them.
Dean C.: That will normally prevent a launch of an attack. Right? So if you clicked on that phishing that we talked about earlier, Jim, and your computer is protected by a malware protection program, it will prevent that from going any further.
Jim Fitzpatrick: So you can foolproof your dealership. But it’s possible to prevent any of these attacks as long as these steps are being taken.
Dean C.: Yes. You can absolutely… Now, foolproof is a strong phrase, right? You’ve got to have-
Jim Fitzpatrick: Right. Because you hear about huge financial-
Dean C.: … multiple lines of defense.
Jim Fitzpatrick: Right? You hear about these huge financial institutions and these big retail operations Target and such, and you’re like, “Geez, what are they doing to prevent this?”
Dean C.: Yeah. It’s very tricky. I mean, think about it in some cases, right? Larger dealer groups for instance, might have thousands of endpoints. Making sure that that malware software is up to date and installed properly on thousands of endpoint devices can be a daunting task for some staffs, right? But it’s super important to make sure that that is a responsibility and accountability inside of your dealer group to make sure your malware protection is in place and being updated and managed properly.
Jim Fitzpatrick: Right. I would imagine it’s one of those things that while all of these companies are out there to help you, the crooks are out there working on their updates as well, right? I mean it’s a scary environment that we live in.
Dean C.: That’s right. They’re getting more and more sophisticated in how they handle these things. Then once they’re in, they’re getting more and more sophisticated on how they cover themselves and how they cover their tracks. Right?
Dean C.: So that some of the other detection devices that are inside of companies often like firewall protection and other things. Some of those are now becoming a little less effective. So it’s multiple lines of defense, Jim. I think that’s the key thing that we need people to understand in the call today.
Jim Fitzpatrick: Yeah, for sure. Do you know that an attempt has been made on a dealer group? Is that happening? Even though they weren’t able to succeed, you can tell from your end that these crooks have attempted to do this.
Dean C.: Yeah. So a lot of times what they’ve done is they’ve used the dealers’ email system to try to attack us, right. Where we see it, right? We see sometimes they’ve taken control of a dealer’s email system and then now they’re sending phishing into our personnel. Right? Expect one of our people to click on it. Right?
Dean C.: That’s where that malware protection really comes in handy. Right? It saves you, right? It’s a huge control. I can’t emphasize that enough. Malware protection on endpoint devices is probably one of the key lines of defense because any one of us can be spooked, meaning tricked. Any one of us can be tricked if they’re smart enough and how they’ve taken over a system.
Dean C.: Especially if there’s an open conversation occurring between, say you and I, Jim. It’s really easy for me to say, “I trust you. I’m going to click on the link. I’m going to click on the file that he gave to me.” That’s where that malware protection comes into play. It will detect that something has been, what we call detonated, on the system, and it’s going to stop that from going any further.
Jim Fitzpatrick: Wow. This could cost the auto industry millions and millions of dollars, can it?
Dean C.: It is. It’s something very, very important to take seriously.
Jim Fitzpatrick: Dean Crutchfield, executive vice president and chief information officer at CDK Global. I want to thank you so much for joining us on CBT News.
Dean C.: Thank you, Jim, for having us.
CBT Automotive Network, the number one most-watched network in retail automotive. This has been a JBF Business Media production.