Jaguar Land Rover (JLR) continues to dig out from a cyber incident that shut down production last week. The company yesterday issued a statement that said it is working “around the clock” with third-party cybersecurity specialists to restart the automaker’s global applications.
The company now believes that some data was affected by the breach and is informing the appropriate regulators. JLR plans to alert everyone impacted by the breach.
The Guardian reports that production at JLR and dozens of suppliers remains on hold. The disruption could cause a ripple effect expected to last through next month, and workers at JLR and its suppliers have been told to stay home in the interim. The damage could be far-reaching, and the company could be digging out from the attack for months.
Ransomware and data privacy expert Dr. Darren Williams, founder and CEO of BlackFog, told Industrial Equipment News (IEN) it typically takes several months to remediate an attack once the scope of the problem has been identified. Williams said a fix typically requires new tools and procedures to ensure it doesn’t happen again, though this is at least the second time this year that JLR was targeted by a cyberattack.
Williams said the costs to deploy new tools and operations could easily run into six figures very quickly. However, those costs might not take the biggest toll on the ledger. He said, “The bigger question will be if there are any regulatory or litigation events to overcome, which can cost even more than the remediation itself, typically in the 40% to 50% of the cost.” Depending on JLR’s level of sophistication in dealing with cyberattacks, Williams said it could be nine to 12 months before the automaker is fully operational and more secure.
According to Williams, the confirmation that data was compromised as well as the severe disruption to operations “should come as no surprise.”
“The Scattered Spider group has claimed responsibility, and data exfiltration was a significant part of its previous attacks,” Williams said. “Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web, but can also be used in identity theft and targeted attacks. Data exfiltration is now the primary MO of these ransomware gangs, and organizations must concentrate their defenses on stopping intruders from accessing and stealing their mission-critical information.”
JLR said it will continue to provide further updates as the situation progresses.