Toyota Australia Rebuilt IT System Following the 2019 Cyberattack
This Is A Reminder that Careful SAM Planning Can Help You Avoid Some Nasty Security and Compliance Issues.
In 2019, Toyota Motor Company Australia was hit by a cyberattack, leaving employees with no access to their email accounts for days. The company apologized to its customers for the inconvenience, saying that it was experiencing technical difficulties and was unreachable via phone or email.
Two years later, the company managed to rebuild its entire IT environment without the help of a central list of its IT assets and how they were interconnected, because the system used to store that data was incomplete.
IT infrastructure manager Michael Mirabito revealed to IT News that the carmaker was in the process of rebuilding its IT helpdesk systems and configuration management database (CMDB) when the attack took place.
When Toyota closed its Australian manufacturing operations in late 2017, it also moved its IT support from more of an insourced type model to an outsourced model.
At the time, a managed services provider who used its own proprietary – but basic – ticketing system was appointed. However, Toyota decided not to renew the contract, and chose another provider in their place.
According to Mirabito,
The old vendor wasn’t happy about not renewing the contract and it was a very quick exodus. They refused to stay longer than two to three months, and it was pretty much, ‘That’s it. We’re gone at this point, whether you like it or not.
As a result, the company decided to stand up its own ITSM platform in ServiceNow, but with only three months, which fell over year-end holidays, Toyota had to make some decisions on what was critical and essential functionalities, and what had to be skipped. The CMDB was a casualty of the rush and was still under repair when the attack occurred.
I can tell you now, it made us realise how important the CMDB is. We wished that we had a better CMDB at that point because it would have made that rebuilding process better. Unfortunately, because we didn’t, we had unknown infrastructure out there, we had apps and services that we didn’t know how they connected together, and knowledge within the business had been lost over time. We had to just scramble at that point and work as well as we could together to rebuild and get the information that we needed.
The recovery led IT to servers they didn’t know were still in the picture, and to repair systems that had been long overlooked by the people who originally set them up.
Heimdal™ Privileged Access Management
- Automate the elevation of admin rights on request;
- Approve or reject escalations with one click;
- Provide a full audit trail into user behavior;
- Automatically de-escalate on infection;
As per Mirabito’s statement, since the attack, the company had benefited from service discovery and mapping. It found IT assets it wasn’t previously aware of and then mapped how they were connected to other systems and processes.
The company also turned on software asset management (SAM) to keep up to date with paid licenses and to challenge users whose licenses were unused for a long time.