Nichirin-Flex USA, the U.S. subsidiary of Japanese automotive hose manufacturer Nichirin, has been impacted by a ransomware attack.
The attack occurred recently, and the company reacted as soon as it detected the unauthorized access on its network and moved operations into manual mode.
Looking into the Nichirin-Flex USA security incidence for Digital Journal is Craig McDonald, Vice President of Product Management at BackBox.
According to McDonald the cybersecurity incident provides a textbook example of how to organise a cyberattack, with some of the flaws within institutions being exposed. He states: “This attack on Nichiren-Flex USA, a subsidiary of Japan-based Nichiren, is a perfect example of how cyberattacks can go beyond their initial target and affect other vital aspects of the supply chain. In this case, the target is a manufacturer of motorcycle and car parts that is critical to distribution, creating supply chain delays in production and fulfilment.”
This attack has also mirrored other incidences. Here McDonald points out: “Just this year, Toyota had a similar incident where the company was forced to suspend operations of 28 production lines across 14 plants in Japan, an approximate 5 percent drop in monthly Japan production, which is about 13,000 units, because their supplier, Kojima Industries, suffered a ransomware attack that brought their network down. “
These types of incidences are very disruptive to business operations. McDonald draws on industry data to make this point: “According to Gartner, IT system downtime causes an average loss of $300,000 per hour. Enterprises familiar with and exercising the elements of disaster recovery will be able to drastically decrease this downtime. However, this attack is an indication that cybercriminals can inflict damage on large enterprises indirectly through attacking their suppliers and distributors.”
In terms of optimal solutions, McDonald recommends data backups as the ideal solution for addressing responses to cybersecurity incidences. In outlining this, McDonald says: “Just this past month CISA released a joint advisory recommending a data and systems backup plan that is isolated from the network (many ransomware variants infect recovery files).”
In addition, McDonald recommends: “To ensure business continuity, organizations of all sizes can proactively prevent outages and unnecessary downtime by following this guidance. Organizations can also look to leverage network security automation that simplifies backups, includes seamless disaster recovery and provides automatic verification procedures.”