Toyota Test Intrusion Highlights Importance of Supply Chain Cybersecurity

Published on
February 11, 2023
Hailey Carlson

A “backdoor” into the Global Supplier Preparation Information Management System of car manufacturing giant Toyota was discovered by a researcher known as EatonWorks earlier this month. Toyota employees and suppliers alike use the system as the company’s supply chain management application to manage the inventory of various parts and vehicles. The so-called “backdoor” allowed anyone to access the system via an existing account so long as the individual knew the email address used to access the system. This means that anyone who had ever emailed a Toyota employee with access to the information management system could theoretically gain access to the system if they so chose.

Thankfully, this was found via a test intrusion rather than by a malicious actor breaching the site. In testing the vulnerability, the researcher discovered that he could access things like supplier information, internal projects, and even confidential documents used by members of the car manufacturer’s site. Toyota responsibly resolved the issue within 20 days of being notified of it back in November of 2022.

This incident highlights why proper cybersecurity measures are an absolute necessity for the supply chain industry. Below are some helpful tips for protecting supply chains of any size.

  • Conduct a supply chain risk assessment – As with anything related to cybersecurity, prevention is the preferable way to handle issues. It’s better and more cost-effective to prevent an attack than to have to respond to one. One way to help prepare your company for operating in the online realm, where cybersecurity threats are always looming, is to conduct a supply chain risk assessment to determine where vulnerabilities lie within your organization. Finding the vulnerabilities before the malicious actors of the world do allows your company to work with the internal IT team or external cybersecurity professionals to patch those vulnerabilities and strengthen your supply chain’s defenses before an attacker strikes.
  • Only work with reputable companies that also prioritize strong cybersecurity measures – The saying “you’re only as strong as your weakest link” is often looked at through the lens of internal assessment, where a company is only as strong as its greenest employee; however, it also applies to the other companies that your business works with in the supply chain process. Be sure to work only with suppliers that have strong cybersecurity measures in order to protect your crucial company and customer data.
  • Limit access to only those with a need-to-know – In the same vein as the last tip, ensure that all folks who have access to the supply chain databases at your company have a need-to-know. Limiting this access only to necessary individuals helps to reduce your risk of vulnerabilities such as human error. This allows for improved and strengthened data management and helps protect your business.
  • Create an incident response plan – Just as a risk assessment is essential to developing a preventative cybersecurity plan for your business, it is important to come up with a plan of action in the event an attack does impact your business. This involves determining who is on the incident response team, what data is top priority for retrieving, and more. Keeping up-to-date backups of your data is an incredibly helpful step to take so that the incident response team does not have to start from scratch.
