Jaguar Land Rover (JLR) has “extended the current pause in our production” until September 24 as it struggles to recover from a devastating cybersecurity incident that has left suppliers at risk of business failure.

Professor David Bailey, of Birmingham Business School, estimates that JLR is losing £5 million profit per day because of the shutdown of its systems. The Telegraph puts the figure at £72 million daily in lost sales. 

Union Unite said today that workers across the JLR supply chain (which supports 100,000+ UK jobs) are being told to apply for universal credit.

JLR said: “We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time…”

Critics have hit out at its slow recovery. 

As Rob Smith, managing director of MSP Techzura put it on X: “I've dealt with enough breaches to know, if your DR [disaster recovery] plan lets an attack cripple live ops, backups, and recovery, it's not fit for purpose, plain and simple. A giant like JLR should have air-gapped, tested failover, not this scramble that's costing £5m a day and risking 100,000 jobs…”

JLR cyber update: "Very sorry"

“We are very sorry for the continued disruption this incident is causing,” JLR said in a September 16 update – its first since initially acknowledging the crippling ongoing incident on September 10.

Security researcher Kevin Beaumont (who with a few simple scans has hinted that JLR has porous security) noted in a blog on the incident this week that “many organisations think IT disaster recovery plans deal with ransomware. It doesn’t. The first thing ransomware groups do is delete backups and recovery systems, before they disrupt anything else."

He added: “Anybody who has been in the trenches of these incidents will tell you that two things happen: your business IT has a heart attack, and paying does not equal restoration…The real risk… is somebody deliberately tries to set your head office on fire, but via IT. And in almost all cases, when that happens, the organisation doesn’t know what to do — and calls the NCSC and NCA like they’re the fire department. 

“The fire department it is not…”

The attack has been claimed by a loosely-knit collective of hackers who often begin their breaches with social engineering, for example by calling (often overloaded and outsourced) helpdesks to request password resets.

Many are believed to be from the US and UK. As Beaumont added on LinkedIn: “Sizable economic shocks in different industries are starting to arrive via teenagers, people who are too young to legally name even…”

Labour’s Liam Byrne MP has written to the chancellor requesting “Covid-style emergency help for suppliers” – a move which would leave taxpayers picking up the bill for poor cyber-resilience investment by JLR.
