Get the inside scoop with LoginTC and learn about relevant security news and insights.
March 04, 2022 •
Imagine you’re the owner of a manufacturing company. You produce thousands of products a day and store valuable information on your servers. Then all of a sudden you get notified of a data breach from one of your suppliers and your information has been affected yet again. Scrambling to figure out the source, you’re losing money and product. This is exactly what happened to Toyota on Tuesday.
This attack however, was not a direct hit through Toyota, but through a third party domestic supplier. So exactly how did this happen? Let’s break it down.
We’ve discussed a lot about data breaches and how they can occur in all industries, especially in manufacturing. We’ve also discussed how just leaving one vulnerability within a company can lead to further damages that did not need to happen in the first place. The Toyota data breach is a prime example of what we’ve said not to do. This is not the first data breach against Toyota but is the most recent.
First let’s start with how the manufacturing industry has been affected by cyber attacks. In the past 10 years, manufacturing made up the largest percentage of cyber attacks in any industry. The most common attack however, is vulnerability exploitation at a whopping 47% more than any other type of cyber crime. What does this tell us? This tells us that MFA is not being implemented to every single user in a company, and as we mentioned before, just one user not having MFA, can lead to a potential hack. Manufacturing companies much like Toyota, store a lot of private information in their servers, including client information, bluetooth, GPS tracking etc. making them a prime target for hackers.
Alongside the manufacturing industry, the supply chain industry is also a big target for cyber attacks as they deal directly with manufacturing. Manufacturing alone makes up 23% of the top 10 industries that fall victim to cyber attacks. The supply chain industry is heavily reliant on technology, especially in 2022. Many industries are starting to ramp up cyber security protection but supply chain and manufacturers seem to be a step behind. Nearly 80% of breaches reported occur in supply chain networks. With the increase in disruptive technologies such as driverless vehicles and robotic processing information, the line between what needs to be protected and what doesn’t is blurred. What people fail to realize is that every step of the supply chain process needs to be protected. You can’t pick and choose what gets protected and what doesn’t. Cybersecurity protection needs to be company wide not department specific.
So how exactly did Toyota fall victim to a data breach? Well, the answer is fairly simple: Vulnerabilities.
The initial breach resulted from a plastic manufacturer that is a direct supplier to Toyota, which had a critical vulnerability in their system. It is likely that the account that the hackers used to gain access to Toyota didn’t have MFA protection. It is also likely that Toyota themselves did not have MFA protection. In addition to the initial breach, it is believed that hackers also hacked the supply chain that dealt directly with Toyota’s Australian subsidiary, in order to gain access into the Japan headquarters. Just like the Japan breach, there was a vulnerability through the supplier. Because of this one vulnerability, Toyota now suffers by having to stop their production. The data breach is deemed to not have affected customers financial data however it is still unknown as to what information the hackers had access to.
What have we learned from the Toyota data breach? Well, we’ve learned that MFA is critically important and should not be overlooked. We learned that just one small vulnerability can lead to a major issue. We also learned that when every aspect of a supply chain or manufacturing process isn’t protected with MFA, there’s room for hackers to gain access to important information and cost the company thousands if not millions.
Protect your company from a costly cyber attack and contact us today to find out how our MFA solution can help you!