Repeated cyber attacks act as a stark reminder this Cybersecurity Awareness Month

Every year, Cybersecurity Awareness Month is intended to act as a period of heightened awareness for businesses – an opportunity to educate staff in the latest cyber hygiene and address any vulnerabilities that may be lurking in one’s perimeter.

This year, however, businesses are entering the month with particularly painful reminders of the importance of cybersecurity.

Organizations have weathered a month of severe cyber attacks – from those that have shut down global supply chains to emotionally distressing extortion attempts.

In the UK, Jaguar Land Rover (JLR) was attacked at the end of August, in one of the most financially damaging cyberattacks of this year.

The automotive giant shut down its IT systems to contain the damage but has since lost an estimated £50 million per week, per analysts cited by Reuters.

JLR is expected to restart some production lines this week, per the BBC, but this comes far too late for some of its small suppliers. This is a particularly pertinent reminder of how cyber attacks can be devastating not only for the businesses they hit, but also for all their dependents within the supply chain.

While the firm’s UK workforce totals 30,000, its supply chain encompasses up to 200,000 roles in the country – and some of these could now be lost as smaller suppliers fold under the strain of paying their bills with no sales to cover their costs.

An attack on Asahi Group, which began 29 September, was smaller in financial scale. But the manufacturer of Asahi Super Dry Lager was forced to suspend production at its breweries as the attack centered on its ordering and delivery infrastructure left it unable to ship existing stock.

Japan faced potential shortages of the beer as a result, with Asahi Group having since been forced to process orders by hand, phone, and even fax machine per reports in The Independent.

These attacks follow particularly catastrophic disruption of UK retailers earlier in the year, with M&S forced to halt online sales amid IT disruption and the Co-op similarly pushed into suspending IT systems as hackers attempted to breach them.

All of this reminds leaders that even when data isn’t stolen and ransoms aren’t paid, businesses can lose millions to operational disruptions and customer dissatisfaction.

What JLR is now experiencing is a more drawn out form of the pain MGM Resorts faced in September 2023. The hospitality giant was forced to shut down its casino IT across Las Vegas in 2023, while responding to a widespread cyber attack believed to have been carried out by the threat group known as Scattered Spider.

This meant everything from slot machines to room keys stopped working, affecting the firm’s tens of thousands of hotel guests. By the time it resumed normal operations later the same month, it had lost an estimated $100 million, per an SEC filing.

Cyber attacks causing emotional distress

One of the primary goals of cybersecurity awareness month is to get the wider workforce and general public thinking about cybersecurity to a greater degree.

Widespread attacks that directly affect thousands of jobs such as those on JLR can cut through – as can those that deprive people of everyday goods, such as Asahi beer.

But other attacks resonate with the public for more emotional reasons. This month, an attack on the Kido nursery chain captured headlines because of the direct threat it posed to the personal data of over 8,000 children, which it stole in an attempt to extort the company for £600,000 in bitcoin.

At the time, Tim Erridge, VP EMEA within Unit 42 at Palo Alto Networks, told ITPro that the case was particularly notable because of the particularly sensitive nature of those affected.

Two 17-year-olds have since been arrested on suspicion of computer misuse connected to the attack, which saw the ‘Radiant’ group breach Famy, a third-party software supplier for Kido.

If a lesson can be learned from the attack, it’s that even a brand new threat group comprised of relatively inexperienced attackers can cause major damage and upset to victims by exploiting supply chain vulnerabilities.

Above all else, the past month has shown how critical cybersecurity is to even the most fundamental business operations. Rather than simply seeing them as ‘the department of no’, employees from the SLT down have been given a reminder that their salaries – and the continued existence of their company – hang in the balance if vulnerabilities are overlooked.