Toyota announced its second data breach on Friday last week, making it the second cyber-security incident the company acknowledged in the past five weeks. While the first incident took place at its Australian subsidiary, last week’s breach was announced by the company’s main offices in Japan.
Toyota said that hackers accessed servers that stored sales information on up to 3.1 million customers. The carmaker said there’s an ongoing investigation to find out if hackers exfiltrated any of the data they had access to. Toyota said the servers that hackers accessed stored sales information on up to 3.1 million customers. The carmaker said there’s an ongoing investigation to find out if hackers exfiltrated any of the data they had access to.
Experts Comments Below:
Anurag Kahol, CTO at Bitglass:
“For a company that has suffered two significant data breaches in five weeks, Toyota must take swift and effective action not only to strengthen its security, but also to try and restore the trust of its customers. The company’s initial statement after the second breach pledging to ‘thoroughly implement information security measures’ is not encouraging. The simple fact that a second breach occurred raises questions about which kinds of security measures, if any, the company has implemented thus far. A global enterprise like Toyota must leverage advanced security solutions appropriate for its massive scale and complex IT infrastructure. Additionally, it must make the shift to a more proactive approach to security. Waiting to take action until multiple breaches occurred is simply not acceptable.”
Jonathan Bensen, CISO and Senior Director at Balbix:
“Toyota’s recent data breaches highlight the fact that global enterprises do not have ample visibility into their massive networks and infrastructure, and therefore are not able to take proper actions to avoid data leaks. The car maker has made statements to try and reassure affected individuals that financial information was not exposed. However, any breach of personal identifiable information (PII) is reason enough for customers to be alarmed. Toyota must also understand that sometimes it is not just about the type of data that was breached, it’s also a breach of trust. Suffering multiple security incidents within such a short time frame can significantly affect company reputation.
To prevent future incidents, Toyota must take into consideration the fact that analyzing and improving enterprise security posture is no longer a human scale problem—especially for such a large enterprise. To best combat cyber threats, global organizations must implement security tools that use machine learning and automation to monitor their enormous attack surfaces and vast IT asset landscape to proactively identify and address security vulnerabilities to mitigate the risk of future breaches.”
Chris DeRamus, CTO at DivvyCloud:
“According to the Organisation Internationale des Constructeurs d’Automobiles, Toyota is the third-largest automotive manufacturer in the world. That being said, suffering two data breaches within a span of five weeks should come at no surprise to the company. Toyota said that they are taking this incident seriously and will thoroughly implement information security measures at dealers and the entire ToyotaGroup, however there should have been security tools and plans in place already to proactively avoid cyberattacks in the first place. Data is the new oil in our digital era and companies should be doing everything they can to protect it.
Global organizations must balance their use of modern technologies (i.e. public cloud, containers, hybrid infrastructure, etc.) that are essential for maintaining a competitive market stance with the need for proper security controls. Leveraging automated security solutions that allow for seamless and continuous policy enforcement provides companies with the framework to successfully reduce risk and maintain compliance across their entire environment.”
Warren Poschman, Senior Sales Engineer at comforte AG:
“The recent hacks at Toyota and its subsidiaries shows us that no data is exempt from being targeted by attackers. With no decrease in APTs on the horizon, the only security is adopting a data-centric security model that actively protects the data, not just the systems or the perimeter. In this case, if Toyota had focused on data-centric technologies such as tokenization, any exfiltrated data would have been useless to the attackers. Simply put, the 2010-era model of focusing on passive disk and database encryption, firewalls, DLP, and IPsec, and other technologies are not sufficient to protect the enterprise in 2019. Only active, data-centric protective measures will ensure that data is protected at rest, in motion, in use regardless of who accesses the data.”
Byron Rashed, Vice President of Marketing at Centripetal:
In reality, it comes down to knowing the threat landscape and the source of the threat. Bi-directional blocking of incoming known threats, and containing internal outbound malicious activity and mitigating that threat, would have prevented this breach from occurring. In a supply-chain ecosystem, it is just as important to ensure that the supplier’s network is safe and secure as well as the company doing business with them.”
.
Colin Bastable, CEO at Lucy Security:
“I expect that Toyota’s Japanese customers are collateral damage in an attempt to steal Toyota’s intellectual property. Toyota’s response, saying that they will implement additional security measures, reminds me of the recent Airbus attack and their similar remedial approach to cyber security.
All businesses which hold valuable IP should assume that they will be attacked. Unfortunately businesses seem incapable of learning from other’s experiences, and must become victims in order to adapt.
Whilst the technology and policies to prevent such attacks are well established, people remain the weakest link in most companies’ cyber security armor. Unfortunately, few Japanese companies train their staff to protect against phishing attacks.
Japanese society is built on trust which makes for a cohesive nation but also makes employees susceptible to phishing techniques such as email spoofing.”
Paul Bischoff, Privacy Advocate at Comparitech.com:
“Although it says no customer financial information was breached, Toyota should immediately disclose what types of records the hackers accessed. Until then, driver’s can’t know what actions are appropriate to take in order to protect themselves.”
.
Tim Erlin, VP, Product Management and Strategy at Tripwire:
“There’s more to learn after this initial disclosure. The methods and tools used by the attackers aren’t currently known to the public. Toyota will continue their investigation, no doubt, but whether further information is actually shared with consumers and the public remains to be seen.
We don’t know if these two incidents are related, but it’s difficult to say definitively that they are not without more information.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.