The Toyota cyberattack serves as a warning in these volatile times


Reports that Toyota, the world’s largest car manufacturer, had to shut down 14 factories and 28 production lines for an entire day due to a cyberattack serve as a warning in these volatile times. While the manufacture of cars is not necessarily critical to societies, the incident shows how cyberattacks can have an impact ‘in real life’, beyond leaks of digital information or systems being held for ransom.

When production lines are halted, and workers have to stay at home, we have to carefully consider whether we have done enough to protect our digital infrastructures. With some 180,000 people employed directly in automotive manufacturing in the UK and in excess of 864,000 across the wider automotive industry, this is a crucial industry to protect.

The attack on Toyota also serves as a reminder that global industries are entirely dependent on a very long and potentially vulnerable supply chain to deliver components just-in-time. It is not enough for Toyota to have high cybersecurity standards; manufacturers also have to ensure that their supply base adheres to the same standards to secure the chain. The Emotet malware strain suspected to be the cause of the Toyota breakdown, possibly through a sub-supplier, is a tricky piece of malware. But it has been around for years, and its signature is well known to cybersecurity teams. While it’s constantly evolving, it can be detected and fought off using the right SIEM and SOAR tools.

Production lines everywhere, particularly in the automotive industry, are increasingly connected through IoT devices to ERP systems like SAP, which are often left out of the cybersecurity infrastructure. A gap in systems and teams separates them, you may say. These business-critical applications must not be forgotten and should be included in the overall cybersecurity infrastructure. In the UK, the automotive industry has an annual revenue of almost £80 billion and a £15 billion value to the UK economy. Any industry leader should take a good look at the connection between production lines, IoT devices, and ERP systems, and make sure security is not caught in the gap.