Honda, the worldwide producer of cars, motorcycles, and many other products, announced to the world that it recently suffered a data breach. The Japanese company found itself having to halt production at plants in Japan, UK, North America, Italy, and Turkey. The company claims its IT network in Europe recently experienced a hack, saying it created “a disruption in its computer network that has caused a loss of connectivity, thus impacting our business operations.” The company said that the event affected their internal systems overall, including access to computer servers and email. Honda added, “There is also an impact on production systems outside of Japan.”
Cybersecurity experts investigating Honda’s current breach suspect it was the result of a ransomware attack called Ekans, also known as Snake. The hackers included a ransom note directing Honda to a Tutanota email address (a problematic, encrypted email service) to discuss purchasing the decryption key needed to unlock the systems. The ransom note claims the encryption key was “created specifically for your network.” That alone suggests Honda was the victim of a highly sophisticated and targeted ransomware attack.
This isn’t Honda’s first rodeo with data compromise, as the company experienced three other hacks prior to this latest security event. In 2011, the American arm of the company announced the PII (personally identifiable information) of over two million customers was hacked. Just last year, Honda was caught in two separate security incidents. In July, 134 million corporate documents were exposed in an Elasticsearch hacking incident. In December, 26,000 customer PII records were also exposed by a similar hack involving Honda’s North American branch.
Keeping ransomware from entering a data system isn’t easy, especially when an enterprise uses conventional approaches for an unconventional problem. Neil Stobart of Cloudian, a U.S. enterprise data storage company, explains part of the ransomware problem is “…software designed to stop malware rapidly becomes obsolete as threats and their identifying signatures evolve.” But that’s not the only issue.
Other than keeping anti-virus and other software updated and patched immediately, a cyber-smart staff needs ongoing security education to be effective. This means it takes more than just an occasional email phishing test to consider that employees are cyber-educated.
Remember, hackers and their attack vectors are not frozen in time. That’s why employee cyber education needs to be ongoing and up to date, as attackers and attack vectors are continually evolving and improving over time. As we know, employees are often the first line of defense against cyberattacks, and having a well-educated staff can be the best malware deterrent for any and all enterprise systems.