Honda sadly becomes the latest high-profile target of a cyber security attack made public during COVID-19 lockdown; this could have easily been any other large organisation and we will unfortunately see others breached due to increased COVID-19 'lockdown-induced' cyber security vulnerabilities.
Before we start analysing the attack, let us just take a moment to empathise with Honda at what is an extremely difficult time for car manufacturers and now it got even harder for Honda; the Information Security community will gather around and offer support to Honda to supplement their existing resources and assist if called upon to do so, as always at such times of stress.
Most CISO's will have been contacted by their Executive Board by now, concerned that they could be the next set of Executives explaining an embarrassing cyber security breach, and wanting re-assurances from their CISO that this couldn't happen to their organisation.
This post is not a criticism of anything Honda, EasyJet, Travelex and countless other breached organisations have or haven't implemented; they all have good technology, process and people controls in place to prevent a cyber attack, but cyber security breaches still happen because vulnerabilities still exist despite the continuing best efforts of CISO's and their teams, and the prevalence of home working and the use of personal devices attached to home networks due to COVID-19 has just exacerbated the challenges.
This post is a reminder that even large respected organisations like Honda and EasyJet, assumed to be the best of the best when it comes to cyber security, are still vulnerable to well executed attacks, and it is opportune that we all remind ourselves to be constantly vigilant, keeping our eyes on the basics and continue to make sure everyone understands the role they have to play in securing their organisation, made doubly difficult by the impacts of COVOD-19.
In the light of Honda's breach, CISO's will now be focussing on the following activities as a minimum:
1. Talk to current trusted cyber security consultants about what short term vulnerability testing is recommended to replicate the nature of attack assumed to have been experienced by Honda
2. Scope out and implement vulnerability testing as recommended, and take immediate action to remediate all critical and high risks discovered, scheduling remediation of medium risks as soon as possible
3. Check current ransomware defences, including all critical system back-up and recovery capability, and bolster if necessary
4. Revisit and test business continuity, disaster recovery and incident response plans and processes, and update, republish and retrain where found necessary
5. Undertake a risk assessment on remote workers including exploring any concerns or challenges they have over keeping customer, colleague and corporate data secure whilst working at home
6. Retrain the remote workforce, especially focusing on phishing attacks and email and internet security, and provide tangible support to maintain levels of vigilance usually facilitated by being in an office.
UKDataSecure are just one of a number of trusted Information Security service providers and we would be proud to help Honda, EasyJet and any other organisation concerned over their vulnerability to a similar attack.
We look forward to being of assistance if called upon.