Toyota supplier cyberattack shows big vulnerability that small firms
bring
Send a link to a friend
 [March 01, 2022] By
Elaine Lies
TOKYO (Reuters) - The cyberattack on a
Toyota Motor Corp supplier that brought the automaker's domestic
production to a halt shows how more vulnerable small firms can pose a
big threat that Japan needs to do more to address, cybersecurity
specialists said.
No information was available about who was behind the attack at supplier
Kojima Industries Corp nor the motive, but it came just after Japan
joined Western allies in clamping down on Russia after it invaded
Ukraine. It was unclear if the attack was related.
The cyberattack on Kojima exposed the fragility of smaller companies
that may have less sophisticated technical systems, said Takamichi
Saito, a professor and Director of the Cybersecurity Laboratory at
Tokyo's Meiji University.
"The big companies are pretty advanced with their measures, but a lot of
their sub-companies and sub-sub companies aren't. Put that together with
Japan's shift to manufacturing, and there just aren't enough technical
people to keep up - and within companies, the IT sections don't have
clout."
Cybersecurity has emerged as a key area of concern in Japan, where
government critics say responses to hacking threats have been hampered
by a fractured approach.
At smaller companies in particular, computer systems have been often
adopted piecemeal by individual firms, and have taken longer to replace.
"Basically you can't get at any of the larger companies directly, so you
aim for one of the suppliers at their edges, and attacks have been
increasing lately," said Yoshihito Takata, a manager at cybersecurity
provider BroadBand Security Inc.
[to top of second column] |
Toyota logo is seen in Tokyo Motor Show in Tokyo, Japan October 24,
2019. REUTERS/Soe Zeya Tun/File Photo
"These sorts of attacks don't just take place from 9 to 5 on weekdays, it's
24-hours a day, 365 days a year, from all around the world. So there's limits to
what one company alone can do."
Toyota declined to comment on whether it had detected early signs of a potential
cyberattack.
Smaller companies need to have a better grasp of what is needed for security,
and that's where Japan most lags behind its overseas peers, said Toshio Nawa,
senior analyst at the Cyber Defense Institute, a private cybersecurity firm.
"The larger companies and outside observers need to go in and give pinpoint
advice on where they're vulnerable," he said.
Both guidance and financial support are needed from the central government, Nawa
and others said. Some regions already provide this, but it needs to be more
comprehensive.
"What Japan's furthest behind in is this situational awareness, due to a lot of
thinking still left over from the past, companies sticking to what worked well
before," Nawa said.
(Reporting by Elaine Lies; Additional reporting by Rocky Swift and Satoshi
Sugiyama; Editing by David Dolan and Muralikumar Anantharaman)
[© 2022 Thomson Reuters. All rights
reserved.]
This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
