CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations.

For prospective car buyers, that’s meant delays at dealerships or vehicle orders written up by hand. There’s no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.

  • Flying Squid
    -4
    6 months ago

    Maybe I’m being silly because I’m not in IT, but it would seem to me that one of the ways to avoid this sort of thing happening would be a diverse array of software to choose from rather than everyone using the same one. I don’t think compatibility should be an issue any more than it is for OpenOffice to be able to open Microsoft Word files. We’re not generally talking about complex interactions here, are we? It’s usually database info that can’t be accessed, isn’t it? But I don’t hear about diversification as a solution.

    Please do explain to me what I’m missing because I feel like I’m missing something.

    • @satanmat
      8
      6 months ago

      Ah we cross paths again…

      diverse array of software

      Nope the bosses want us to use one of the largest platforms because those are the best supported… usually

      Also security; in many places, IT is a cost rather than being seen as an investment… car dealers want a nice building because that attracts people— fsck IT, it doesn’t attract people to buy cars…

    • @MehBlah
      5
      6 months ago

      All major car franchises have their own systems. I’ve been away from car dealerships for a while now but they all use similar systems and for the most part the cheapest service is always the choice. The dealerships all have differing but competent standards when dealing with connections to the corporate headquarters but everything else is a crap shoot of poorly considered decisions driven by cost and only cost. Not that the hole that the crooks used was probably through a dealership but it’s possible since I know how obtuse certain groups are at dealerships.

    • @gedaliyahOPM
      5
      6 months ago

      There are a lot of industries that have niche software needs. It’s hard for a competitor to break in because the market is only so big and it’s better to have something standard and time tested.

      Interoperability is often limited to a one-time database migration, and often requires a specialist to do a lot of the transfer manually.

      I don’t know if that’s the case with this software because it’s not my industry, but I’ve dealt with similar issues. You’d be surprised how much of the world still runs on AS/400

    • Avid Amoeba
      2
      6 months ago

      It’s the same problem with every other monopoly. Everyone wants it, both shareholders and customers. It’s objectively more efficient to standardize on the same equipment or software, train workers on it. It’s better for workers too since their skills are transferrable. It’s only bad when the negatives show up, such as price gouging by the shareholders, or them cutting corners in quality or security. But my point is that not going with a single vendor isn’t free on all sides of the equation, it requires work, which is why on average we tend to prefer monopolies even as consumers.

      To put it bluntly, I really don’t want to have to think about grocers’ profit margins and prices after having worked 9 hours. I just want to get fucking eggs and bread from the store nearby. I don’t want to drive or bus ride to another one. It won’t happen. And that’s why it doesn’t. The assumptions about the individual (constantly shopping around for the best price) in the mainstream microeconomic theory are just wrong. This translates into small businesses (not only) shopping for their dealer sales software system.

      • Flying Squid
        1
        6 months ago

        You make a lot of good points. I wasn’t really thinking about it from an economic perspective, just a security perspective.

        • @[email protected]
          4
          6 months ago

          Security doesn’t make money. They will have lost sales due to this event, but not nearly as much as they saved by skimping on security.

          And they haven’t actually lost that many sales, either. If you’re going to buy a car, you’re going to buy a car. If the place is closed, you’re going to come back later. Few people are going to go to a competitor if they’ve already made their choice of brand. And even fewer are going to decide not to buy a car at all over this event.

    • Admiral Patrick
      2
      6 months ago

      I was about to comment similarly.

      This is why I always advocate against cloud and “always connected” services for critical line-of-business software (and software for personal use, but that’s a slightly different but also similar argument).

      I’m unclear if CDK is a cloud service that’s offline for customers, but it sure sounds like it. The other possibility is a supply-chain attack which affected local installs, such as what happened with SolarWinds a few years ago, but with that many dealerships being simultaneously affected by CDK shutting down their systems, it seems more like the former.

      one of the ways to avoid this sort of thing happening would be a diverse array of software to choose from

      In an ideal world, that would be the case. But as is often the case with niche business software, there’s usually only a few players (if that many), and any newcomers are either bought out or can’t compete.

      • Flying Squid
        1
        6 months ago

        Isn’t that monopolistic though? I realize this is a pipe dream, but wouldn’t it be theoretically possible to use the law to stop that?

        • Admiral Patrick
          2
          6 months ago

          I don’t know much about the market for car dealership software, but I work for a non-profit that deals with environmental remediation. Finding LOB software that meets our needs is an absolute nightmare because it’s so niche. What we can find is either crazy expensive, doesn’t do what we need it to do, is from some terrible fly-by-night vendor, or some combination of those. So when you do find something that mostly meets your needs, you pretty much have to take what you can get.

          The government can incentivize or contract out companies to write software, but AFAIK, they can’t compel any company to do so. IANAL, but I would also assume they’d need to stop approving any M&As that may be contributing to market consolidation.

          You basically nailed it with “pipe dream”.

          • Flying Squid
            1
            6 months ago

            I guess the only other option would be for the companies to write the software themselves, which they don’t have the time or the money to hire people to do, I’m sure.

            • Admiral Patrick
              2
              6 months ago

              Right.

              In reality, we’d end up with about a million Access “databases” (or Excel files) getting emailed around, lost, stolen, corrupted, etc (ask me how I know that lol).