In a statement released on the 29th of March 2019, Toyota announced they had been hit by an attempted cyberattack, that potentially affected 3.1 million people.
Back in 2019 Toyota fell victim to several attempted cyberattacks, these cyberattacks came during a time when their IT systems were in a 'vanilla' stage, being built and were incomplete. Toyota was in the process of rebuilding its IT support systems and management databases when the attacks hit.
Toyota was also in a transition phase between IT support providers, moving from a basic provider to a more suitable provider. Unfortunately, their central list of IT assets and how they were interconnected - was under repair when attackers struck.
“We had a pivotal moment a few years ago, where we had a cyber incident, and we had to proactively pull down our network essentially and rebuild,” said Michael Mirabito, IT Infrastructure Manager at Toyota.
“I won't talk about those times, because I remember the long days and lack of sleep. We did a really good job from an IT perspective to get it up and running really quickly but it was painful."
“And I can tell you now, it made us realise how important the CMDB (IT helpdesk systems and configuration management database) is. We wished that we had a better CMDB at that point because it would have made that rebuilding process better".
“Unfortunately, because we didn't, we had unknown infrastructure out there, we had apps and services that we didn't know how they connected together, and knowledge within the business had been lost over time."
“We had to just scramble at that point and work as well as we could together to rebuild and get the information that we needed.”
In their recovery, Toyota implemented a software asset management (SAM) platform to keep track of paid licences and to challenge users whose licences sat unused for an extended time.
“We could immediately see who was using licences and who wasn’t, and more importantly we could see that people hadn't used licences in two years, yet we were still paying for it,” Mirabito said.
“We also identified software that people shouldn't have even had on their machines, and we were able to immediately save money because we removed licenses that weren't being used.”
Toyota's recovery led their IT support team to servers they didn’t know existed, and to repair systems that had been long-forgotten by the people that originally set them up.
The Importance of Documentation & Systems Maintenance
IT support administrators often groan at the thought of documentation, while it can be a monotonous task, the role the lack of documentation played in Toyota's cyber breach is a good example of why it is vital. How can you protect your IT assets if you don't know what assets you have?
Keeping your systems maintained, patched and up to date is a low-cost way of bolstering your cybersecurity. Hackers can quite easily exploit systems that aren't maintained, so it is important to stay on top of your patching. The recent zero-day vulnerability in Apple devices is a good example of this.
What is a Cyber Breach?
It is considered a cyber breach when part of your business is accessed unlawfully. This could be an ex employee logging in, or a hacker gaining access to your systems.
If you have a cyber breach you may be legally required to notify the Australian government. Failure to notify can result in fines of $360,000 for individuals and $1.8million for businesses.
It's important to have the right measures in place to identify if you have had a breach, and if you do, what steps to follow to notify the right parties.
We recommend creating an Incident Response Plan for your business, your company lawyer, IT support team and leadership teams should be involved in the developing the plan. Once it is created we recommend doing a practice run so in the event that you do have a breach, you are well prepared to invoke your plan.
Check out our free template to get started.
How Can I Protect Myself?
For individuals, there are a lot of things you can do that don't require a lot of investment. Most computers today come with the ability to encrypt, check out our guide on how to set up encryption. Choose an anti-virus platform that is right for you, and has extra features, check out our guide to buying the right antivirus.
Besides the technology read through the government's little black book of scams to get familiar with what a scam email or website could look like. Your best defense is arming yourself with the knowledge of how to identify something malicious.
How Can I Protect My Business?
Education and proactive prevention are key. Ransomware commonly enters a business through malicious emails so, having an email filtering and ‘containerisation’ platform in place is step one.
Ensuring you are in compliance with the Australian Government's ASD Essential 8 security recommendations is your first step. We have a cybersecurity team that was built with the ASD Essential 8 principles at it's core and would love to secure your business.
Technology is advancing all the time and there are some relatively inexpensive and 'quick wins' you can implement to be protected:
- Audit and create a list of all your business applications, and their security features (you can use this template to get the job done)
- Foster a cybersecurity culture in your business
- Turn on encryption for all of your computers
- Educate your team on how to identify a scam
- Follow these 5 steps to stay safe online
- Check out this post on keeping your remote workforce safe
- Talk to us about dark web scanning
- Check your insurance to see if you have cybersecurity insurance included
Cybersecurity is talked about a lot today, and for a good reason. It can be really easy to fall victim to a cyberattack, it's not just big companies that are targeted. Your best defence is education and awareness, with technology as your backup, knowing how to identify something malicious is the best way to keep you and your business safe online.
Our cybersecurity team across Melbourne, Sydney and Brisbane can help you assess whether you have the right measures in place, and what else you can do to stay safe online, get in touch to learn more.