The reports of the stoppage of production in 14 factories and 28 production lines at Toyota due to a cyber attack are a warning.
Tim Wallen, Regional Director UK&I at LogPoint
Even if the production of cars is not necessarily socially critical, the attack makes it clear how cyberattacks can affect “real life”, and not only on the leakage of digital information or on systems that are taken hostage. When production lines are at a standstill and employees have to stay at home, companies have to carefully check whether they have done enough to protect their digital infrastructures. With around 180,000 employees in British car production and more than 864,000 in the entire automotive industry, this is an important industry that needs to be protected.
The attack on Toyota is also a reminder that the global industry is completely dependent on a very long and potentially vulnerable supply chain to deliver components just-in-time. It is not enough for Toyota to have high cybersecurity standards; manufacturers must also ensure that their suppliers comply with the same standards in order to secure the supply chain. The Emotet malware string, which is suspected to be the cause of the Toyota breakdown and may have been introduced via a supplier, is a delicate malware. However, they have been around for years, and their signature is well known to cybersecurity teams. Although it is constantly evolving, it can be detected and combated with the right SIEM and SOAR tools.
Production lines everywhere, especially in the automotive industry, are increasingly connected to ERP systems such as SAP via IoT devices, which are often excluded from the cybersecurity infrastructure. A gap in systems and teams separates them. These business-critical applications must not be forgotten and should be integrated into the entire cybersecurity infrastructure. Every industry leader should take a close look at the connection between production lines, IoT devices and ERP systems and make sure that security does not fall by the wayside.