Toyota supplier cyberattack shows big vulnerability that small firms bring
01/03/2022 11:16
By Elaine Lies
TOKYO, March 1 (Reuters) - The cyberattack on a Toyota Motor
Corp 7203.T supplier that brought the automaker's domestic
production to a halt shows how more vulnerable small firms can
pose a big threat that Japan needs to do more to address,
cybersecurity specialists said.
No information was available about who was behind the attack
at supplier Kojima Industries Corp nor the motive, but it came
just after Japan joined Western allies in clamping down on
Russia after it invaded Ukraine. It was unclear if the attack
was related. urn:newsml:reuters.com:*:nL1N2V30UK
The cyberattack on Kojima exposed the fragility of smaller
companies that may have less sophisticated technical systems,
said Takamichi Saito, a professor and Director of the
Cybersecurity Laboratory at Tokyo's Meiji University.
"The big companies are pretty advanced with their measures,
but a lot of their sub-companies and sub-sub companies aren't.
Put that together with Japan's shift to manufacturing, and there
just aren't enough technical people to keep up - and within
companies, the IT sections don't have clout."
Cybersecurity has emerged as a key area of concern in Japan,
where government critics say responses to hacking threats have
been hampered by a fractured approach.
At smaller companies in particular, computer systems have
been often adopted piecemeal by individual firms, and have taken
longer to replace.
"Basically you can't get at any of the larger companies
directly, so you aim for one of the suppliers at their edges,
and attacks have been increasing lately," said Yoshihito Takata,
a manager at cybersecurity provider BroadBand Security Inc
4398.T .
"These sorts of attacks don't just take place from 9 to 5 on
weekdays, it's 24-hours a day, 365 days a year, from all around
the world. So there's limits to what one company alone can do."
Toyota declined to comment on whether it had detected early
signs of a potential cyberattack.
Smaller companies need to have a better grasp of what is
needed for security, and that's where Japan most lags behind its
overseas peers, said Toshio Nawa, senior analyst at the Cyber
Defense Institute, a private cybersecurity firm.
"The larger companies and outside observers need to go in
and give pinpoint advice on where they're vulnerable," he said.
Both guidance and financial support are needed from the
central government, Nawa and others said. Some regions already
provide this, but it needs to be more comprehensive.
"What Japan's furthest behind in is this situational
awareness, due to a lot of thinking still left over from the
past, companies sticking to what worked well before," Nawa said.
(Reporting by Elaine Lies; Additional reporting by Rocky Swift
and Satoshi Sugiyama; Editing by David Dolan and Muralikumar
Anantharaman)
((elaine.lies@thomsonreuters.com; +81-3-4563-2748; Reuters
Messaging: elaine.lies@thomsonreuters.com))