
Commentary on Toyota breach

August 2024 by Guido Grillenmeier, Chief Technologist, Semperis

The commentary from Guido Grillenmeier, Principal Technologist, Semperis, in response to Toyota confirming it was breached.

The Toyota data breach is yet another stark reminder that the world’s largest companies oftentimes have the biggest targets on their backs. There is evidence in this breach that the threat actors targeted the company’s Active Directory, using a scraping tool to elevate their privileges, gather further credentials and information about the network with the goal to extract vast amounts of data. It doesn’t surprise me that the attackers breached one of Toyota’s U.S. dealerships given how vast their footprint is with more than 1,500 locations in the U.S. and 200 global distributors.

The one constant that does exist in cyberattacks is the criminal intent of the threat actors. They are cold-blooded and typically motivated by financial gain. Unfortunately, as is the case in approximately 90 percent of cyberattacks, identity system compromise occurs, most often Active Directory or Entra ID, which stores the crown jewels of a business by managing all permissions to a company’s data. Can organisations prevent breaches like this one from happening in the future? The answer is yes, and it does start with having an assumed breach mindset, because let’s face it, breaches will occur, and no public or private organisation is immune or entirely secure.

Today, it is essential to build operational resiliency into your business plans so that when threat actors strike, you can limit disruptions and keep systems running. There’s no silver bullet that will solve the cybersecurity challenges facing organisations. First, identify the critical services that are "single points of failure" for the business. If critical services go down, then Toyota or other organisations could be taken offline. Have a plan for "what to do if". That includes a robust backup recovery and response program to ensure that if they were also victimised and data is encrypted, they can access their backup data.

