Honda: managing a crisis within a crisis
16 June 2020
Earlier this week, Honda was hit by a cyber attack affecting its ability to access its email and internal systems. The attack was felt across its entire global network, with experts widely suggesting it could be the work of the “Ekans” or “Snake” ransomware strain, designed to attack industrial control systems networks.
The timing of this attack highlights a major challenge facing organisations in the wake of the coronavirus pandemic – managing multiple crises concurrently. Peter Groucutt, Managing Director of Databarracks, explains: “Dealing with a second disruption while already in a weakened state increases the impact significantly. This is the reality Honda is facing now.”
Like many car manufacturers, Honda has struggled to deal with the COVID-19 crisis, reporting significant losses for the fiscal quarter ending in March.
Groucutt continues, “Ransomware attacks are becoming more disruptive. Post attack, organisations now spend weeks remediating and restoring their systems. In fact, research earlier in the year revealed the average downtime for businesses hit by ransomware can now last 16.2 days – up from 12.1 days in the third quarter of 2019.
“Ransomware attacks are incredibly difficult to deal with in the best of situations, but it is even worse to be facing it during the global pandemic and various states of lockdown for its sites across the UK, US, Turkey, Italy and Japan.
“All organisations should reassess their risks in the current situation. A disparate workforce reduces some risks, but others will need to be addressed. Remote working isn’t necessarily any less secure, but the change and upheaval has created opportunities for criminals to exploit. New phone systems and collaboration software increases the chance of being fooled by phishing emails due to a lack of familiarity. Staff new to remote working and changes in process also create openings to exploit. Existing response plans may not work for a remote team and the lockdown restrictions, so think about how they should be adapted.”
Groucutt continues, “Not only will it take time for Honda to fix the issue, it will also add further financial pressures to the business, at a time when it is still dealing with the fallout from the pandemic. IT downtime, whether from an outage or a data breach, impacts an organisation in several ways but always carries a cost. The fact Honda has put production on hold across multiple global locations, and sent factory workers home, shows how debilitating this attack is and the longer operations are shut down the more costly this will become.
“Our own research into IT downtime revealed almost 40 percent of UK organisations reported a cost of IT downtime of over £5,000 per hour in the past year. That has increased from just 25 percent in 2017”, Groucutt concluded.