Auto dealer outage drags on

It's that CDK has hired the cybersecurity firm Unit 42 at Palo Alto Networks to handle the response to this incident. So we're learning more as we go along here. Let's also bring in two industry players now who are in Sea Island, GA today for a large auto dealership conference there. Brad Holton of Proton Dealership. IT joins us. And John Heiser owns 4 dealerships in North Carolina. Gentlemen, thank you for joining us from Sea Island. John, let me start with you. You're at this conference in Sea Island. Can you give us a sense of what the mood there is? What are people saying about this hack and its impact on their business? Well, you know, I first thanks for having me. I, I would say that the, the concern up to this point has been limited because, you know, a few days here, a few days there, not a big deal. But when you start talking about months close, especially for public traded companies, it's a, it's a big deal. So, so you're starting to see some people get more concerned as the time rolls by. Brad, what do you make of this notice that we just saw from CDK? They put out this statement to their customers saying, you know, June 30th is now in question. If you need to make alternate plans, go ahead and do that. What does that tell you as a cyber security advisor to auto dealers about how serious this is? Well, I mean, anytime you have a ransom or event, you're going to have to figure out the ways of recovering from that. And that's a long process. You can't just say, OK, we're done, we turned it back on, everybody get access to it. You've got to do a forensic analysis to figure out how someone got in, make sure you've got everything cleaned up. In this case, you've got to do a lot of data, data integrity checking to make sure that the data that the dealers put in there before the incident is the same data that's there now. You've got to get third parties to audit all that. So it's a long process. Even if you're, you know, you've got everything stood back up in a lab environment and you kind of got passed out, there's still a long, long way to go before you're actually back to a production environment. John, I think the thing here is that, you know, people don't tend to blame companies for cyber attacks. You know, you're the victim of a crime if you got hit by a cyber attack. Everybody gets that. But I think people do get concerned about the way companies respond to cyber attacks. How do you think the dealership community feels about CDK now, their response to this attack so far? And do you think dealers are going to look for ways out of their CDK contracts and look for other alternatives? You know, I don't think it's to that point yet. I, I, you know, certainly as we find out more information, you know, where they did, they make all the right decisions for, for protecting us. I, I don't know that and we'll know that we'll know more about that as time goes by. But as of right now, I think everybody understands that this could happen to anybody and, and, you know, it could happen to us. And, you know, when you look at what it did in the banking business and MGM and some of the other companies out there, you know, it can happen to anybody. So, so we're not ready to put a dagger in them yet. I mean, I think we got to give them a chance to do all the right things and, and, and recover as fast as they possibly can. So, and do we know whether you call this a ransomware attack? And clearly it must be. Do we know whether ransom has been paid? Do we know how much it was paid? And do we have any assurance, does CDK have any assurance that even after paying the ransom that they will be spared a a second or maybe several more attacks from other ransom seats? All we know is you know what's been disclosed by CDK, which is very little. They did mention ransom in one of their updates. That was only in one update. You know, there's been speculation that you know, you've got black suit involved. Black suit is a well known threat group that's been around for about a year now. They were previously part of Conti and Royal, some other groups. So typically when they're paid, they do decrypt, but once again, getting the decrypter is the first stage and then you've got to get through decrypting and all the data integrity things. Would they be likely to be attacked again? Probably not by black suit, but anybody can attack anybody at any time. And I think every, you know, every company in the automotive industry and really every company and almost all of our major industries are being attacked constantly. I mean we're seeing thousands and thousands of attacks every single day. So nothing says that this is going to be a one time thing for any vendor out there. Brad, you've got pretty good visibility into this whole industry of auto dealers. I wonder if you could give us a sense of what this means for the private equity firm that bought CDK just two years ago. You know, we saw this statement from Brookfield Business Partners. They paid more than $8 billion for this company. Is this event having a material impact on the value of that investment or do you think they're going to be able to ride this out and ultimately flip CDK, merge it, have some kind of successful exit for that investment going forward? Brad, I'm going to have to defer back to John's statement. You know, I think that the dealers understand, you know that things happen and it could happen to anyone, it could have happened to any vendor. So I think we just have to wait and see, you know, kind of what the what the response is, what the long term effect on the dealership market is and how things are handled from here. And John, I'm, I, you know, I'm fascinated by, you know, human ingenuity in a crisis. I imagine that there are all kinds of very clever workarounds that people are doing to try to figure this out. I mean, there are probably not that many people on sales floors anymore who remember how to fill out forms and triplicate and use carbon paper and all that stuff. But what are some of the clever things you're seeing people do to figure out their way around this in the absence of this software? Now, you know what, what we've seen is kind of cool. You know, at first it was kind of, you know, what are we going to do? And, and pretty quickly our vendor partners like assurance and route one and and Ally have come up with back doors to do E contracting. So, you know, it doesn't completely disrupt your business. Of course it slows it down, but but we do have a way to to contract a customer so that they can buy the vehicle that they choose. You know, I think parks is going to be the the most frustrating part of it because everything that you do today has to be re entered into the system or recreated and, and making sure that that's all accurate. And and you know, you're going to have to do that just to be able to do a financial statement, yet alone your inventories and all those things that that are, are, are exposed by this. So yeah, we've had to, you know, PDF forms and and and do other things, but it's kind of cool that everybody pulls together and and finds a solution And and so far we we have been less harm than you would think. Yeah.