Heimdal
article featured image

Contents:

In 2019, Toyota Motor Company Australia was hit by a cyberattack, leaving employees with no access to their email accounts for days. The company apologized to its customers for the inconvenience, saying that it was experiencing technical difficulties and was unreachable via phone or email.

Two years later, the company managed to rebuild its entire IT environment without the help of a central list of its IT assets and how they were interconnected, because the system used to store that data was incomplete.

IT infrastructure manager Michael Mirabito revealed to IT News that the carmaker was in the process of rebuilding its IT helpdesk systems and configuration management database (CMDB) when the attack took place.

When Toyota closed its Australian manufacturing operations in late 2017, it also moved its IT support from more of an insourced type model to an outsourced model.

Source

At the time, a managed services provider who used its own proprietary – but basic – ticketing system was appointed. However, Toyota decided not to renew the contract, and chose another provider in their place.

According to Mirabito,

The old vendor wasn’t happy about not renewing the contract and it was a very quick exodus. They refused to stay longer than two to three months, and it was pretty much, ‘That’s it. We’re gone at this point, whether you like it or not.

Source

As a result, the company decided to stand up its own ITSM platform in ServiceNow, but with only three months, which fell over year-end holidays, Toyota had to make some decisions on what was critical and essential functionalities, and what had to be skipped. The CMDB was a casualty of the rush and was still under repair when the attack occurred.

I can tell you now, it made us realise how important the CMDB is. We wished that we had a better CMDB at that point because it would have made that rebuilding process better. Unfortunately, because we didn’t, we had unknown infrastructure out there, we had apps and services that we didn’t know how they connected together, and knowledge within the business had been lost over time. We had to just scramble at that point and work as well as we could together to rebuild and get the information that we needed.

Source

The recovery led IT to servers they didn’t know were still in the picture, and to repair systems that had been long overlooked by the people who originally set them up.

Heimdal Official Logo
System admins waste 30% of their time manually managing user rights or installations

Heimdal® Privileged Access Management

Is the automatic PAM solution that makes everything easier.
  • Automate the elevation of admin rights on request;
  • Approve or reject escalations with one click;
  • Provide a full audit trail into user behavior;
  • Automatically de-escalate on infection;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

As per Mirabito’s statement, since the attack, the company had benefited from service discovery and mapping. It found IT assets it wasn’t previously aware of and then mapped how they were connected to other systems and processes.

The company also turned on software asset management (SAM) to keep up to date with paid licenses and to challenge users whose licenses were unused for a long time.

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

linkedin icon

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE