The cyber-attack on Jaguar Land Rover made headlines when production facilities were forced offline, and operations were disrupted across the company. What initially appeared to be a contained security incident quickly evolved into a much larger story with industry-wide implications.
"That proactive approach, [like what Deborah used], really embedding it in the business strategy is the only way to minimize the damage, financial and reputational." -Caesar [23:38]
As details emerged, questions arose about the growing challenges facing modern manufacturers. Today's automotive companies depend on complex digital systems that support everything from communications and production to customer services and supply chains.
In this episode, Chloe and Caesar explore what happened at JLR and discuss the lessons businesses can learn from the incident. The conversation highlights why operational resilience has become just as important as protecting data in an increasingly connected world.
Episode Credits
Various fun sounds throughout this episode are either created within our studio or downloaded and licensed from Envato, with final mastering done in Seaside Records Studios.
Chloe and Caesar are AI synthetic voices. The content is put together by the Black Beauty Jag Podcast team and fed into the AI tool for Chloe and Caesar 🎙 to deliver on behalf of Michael and Deborah ❤️.
For more information or questions, please feel free to contact us via BlackBeautyJag.com/contact.
Some of the links in our show notes may be affiliate links. This means, at no additional cost to you, we may earn a small commission if you make a purchase through those links. We only recommend products or services we believe will add value.
Thank you for supporting Black Beauty Jag! 😎 She thanks you! 😎
© 2024 Seaside Records, part of Michael T. Anderson dba Anderson Creations
Chloe:Hey, Caesar. This past week was pretty interesting for Jaguar Land Rover, wasn't it?
Caesar:How is that, Chloe?
Chloe:Something that sent shockwaves through the car world. Really? The cyber attack at Jaguar, you heard about that, right, last week?
Caesar:Oh, yes, I did, Chloe. What a great topic to chat about today. Let's dive in, shall we?
Chloe:Yeah, I thought so. So I gathered up some research for us. Here we have JLR, this huge British luxury brand basically brought to its knees by a cyber attack.
And we're not talking about a small IT glitch here. This was a global production shutdown, a massive blow for such an iconic company.
And while it's a very stark reminder for everyone about these digital threats that businesses face constantly now.
Caesar:And as we do in our discussions, this isn't just about, you know, reading the headlines. We are going to go deeper.
Chloe:Exactly, Caesar. Our mission is to get beyond that initial news flash and really dig into the layers of what a modern cyber incident actually looks like.
We're looking at the what, but also how the story itself changed, as well as the who.
Caesar:Oh, the who. I heard it was a shadowy group claiming responsibility. We are also talking about why these cyber attacks matter.
Why does it matter to the businesses like JLR? But more than that, why does it matter to consumers like you and me, Chloe and Michael and Deborah and all of you as our listeners?
So we will dig into that too.
Chloe:We'll cut through that early confusion to piece together the full story based on what our sources tell us. JLR's own story shifted in just a few days.
We'll investigate the attackers, who they are, what they've done before, because they have done things like this previously, it seems; the initial costs and the impact of the longer-term ripples; and what the experts are saying, the big lessons here for anyone running a business or just living in this connected world.
Caesar:What was the initial impact and what did they tell people at first? When something big hits, JLR shut down their IT networks fast. But as you can imagine, that caused immediate and severe disruption to actually making cars. We're talking major UK plants.
Solihull, Halewood, Wolverhampton. The production lines just stopped, as in ground to a halt.
Chloe:Thousands of skilled workers were basically told to go home because the systems running everything were down. And initially JLR's public statement was, well, quite cautious. It was basically on the side of reassuring.
They said they did not believe any customer information had been stolen. The focus seemed to be very much on just containing it, getting things back online.
Caesar:And Chloe, from what Deborah says, with her background in corporate IT, like the level of head of this sort of IT, that is normal, the way they handled it with the messaging is the normal approach and reassuring their stakeholders.
Chloe:That sounds relatively contained, doesn't it? But these situations often develop, don't they? The story took a much more serious turn just days later. What changed when?
What forced them to, well, completely backtrack on that initial assessment?
Caesar:I don't know if I would say backtrack, Chloe.
I mean, yes, technically, as I said, I was consulting with Deborah, owner of this Black Beauty Jag podcast, along with Michael, also an IT networking guy, and she was saying that initially that is the response. And you go to work assessing the situation.
You do not want to announce to the world that the problem is worse than what it is and then backtrack to say, oops, it wasn't as bad as we said, or you sound like a moron.
Chloe:Also, the time that you are spending writing up statements and press releases is critical time needed to assess and address the situation. That doesn't mean it isn't ideal to assess it correctly out of the gate, but it is another perspective on the messaging.
Caesar:Granted, we are not here to analyze the definition so we can get back to defining the issue. The story instead.
Chloe:A makes sense to me, the getting back to the story and also what Deborah shared with you about different perspectives. Life is full of different perspectives and different points of reference.
We cannot deny that as humans with different backgrounds and understandings of the situations we find ourselves in or situations that present themselves.
Caesar:And about this time in the story, after the initial announcement, is where it gets exciting, for lack of another term, and it shows just how messy these things can get. On September 10, just over a week after the first announcement, JLR put out an update and it was a major U-turn.
A complete reversal of what they had said earlier.
Chloe:Uh, so their IT team had time to assess, eh? The only thing that Deborah said on that is that when she had a server issue and the boss said that there was no choice and it had to be fixed on the weekend and failure was not an option, she got it done by staying up all night and working 80 hours straight.
It was a holiday weekend, so there were some added days off along with the weekend.
Caesar:Yeah, her husband came in and kept her awake so she could keep working and she got it done with 0% loss and 100% success. She has had 100% success through her career handling it.
So it is possible. It is a bit concerning that it took so long for the team to make that U-turn, but we are not here to point fingers.
Chloe:What is it? Walk a mile in their shoes.
Caesar:True, though Deborah has, but not the point. Live and learn, right?
Their forensic investigation, which is the deep dive into the digital evidence, led them to now believe that some data had been affected. And crucially, they explicitly confirmed that data had been stolen.
Chloe:Ah, okay, so not just affected but actually stolen. That's a big shift.
Caesar:Exactly. That steps up the severity massively. It goes from being a disruptive operational problem to a full blown data breach.
They've notified the regulators now, like the UK's Information Commissioner's Office, the ICO, and they've said they will contact anyone deemed appropriate if they find that their data has been impacted or compromised in any way.
Chloe:This whole situation, as well as how it changes in over 10 days from a mere interruption to stolen data, really highlights how complex and how uncertain the first few days, even weeks of a major cyber incident response can be, even for a large company like JLR.
Caesar:Sure does. So the severity jumps up. Data is confirmed stolen. The big question then becomes who did this?
Chloe:A group claimed responsibility and they had a very unique, memorable name. The name of the group is the Scattered Lapsus Hunters.
Caesar:My first thought is what kind of group is this? Is it like a formal organization or what are we actually dealing with here?
Chloe:I guess the name reflects the structure, or I should say the lack thereof of this group and that structure is key to how they operate.
Caesar:I read or heard that this group also goes by other names like Scattered and Spider.
Chloe:You know, it is probably easier to think of them as not really one single gang. It's better to think of them as maybe a loose collective, sort of like a shared brand.
It seems different hacking groups, notorious ones like the original Lapsus, maybe Shiny Hunters, might work together under this name or share tools. They're described as a loosely knit group of English-speaking hackers. They are probably less hierarchical and instead more agile and more networked.
Caesar:No, and they weren't exactly shy about it. They apparently claimed responsibility quite openly on the social media Telegram app.
Reports say that they even shared screenshots that look like an internal JLR SAP system. They stated that they deployed ransomware on the JLR systems they hacked.
Chloe:Wow, an SAP system. That's like the company's brain, isn't it?
Caesar:Pretty much, yeah. It handles everything. SAP stands for Systems, Applications and Products in Data Processing.
It would cover things like supply chains, production orders, finance, and the list continues. Getting access to that is like getting the keys to the kingdom.
Chloe:This isn't their first major operation, is it? As I mentioned earlier, the hackers have a track record that suggests they know what they're doing. As in having caused problems like this previously.
Caesar:Oh, absolutely. This group, or groups operating under this banner have a really formidable and honestly quite worrying history.
Earlier this year they were linked to these big Salesforce data theft incidents. Widespread stuff. In those cases they used clever social engineering tactics, tricking people.
They used stolen digital keys and tokens to get data from loads of big names.
Chloe:That isn't very nice. Who were some of the targets? They hit tech giants.
Caesar:Google, Cloudflare, Elastic, Palo Alto Networks, Zscaler, Tenable, a real who's who. And beyond the tech sector, they were blamed for causing chaos at several British retailers too.
Marks and Spencer, M and S, the Co Op, Harrods, even the train company LNR were hit.
Chloe:I remember that disruption. It was huge.
Caesar:Yeah, exactly. Significant operational damage, big financial hits. That M and S attack reportedly cost them 300 million, online sales, which stopped for six weeks.
So, yeah, understanding this background helps us to understand their capabilities, their willingness to cause disruption and their intent to steal data. They pose a massive threat.
Chloe:So data theft is clearly a huge part of their playbook and it causes massive anxiety. But this JLR attack really throws another monkey wrench into the mix. I mean, what about stopping a massive manufacturing operation cold?
What's been the actual physical, real world effect on JLR making cars?
Caesar:It's been catastrophic for their operations, really. Production at those main UK factories like Solihull, Halewood, Wolverhampton, it has been stopped since the start of last week.
To put a number on it, that's roughly a thousand vehicles a day that are not rolling off the line.
Chloe:A thousand a day, wow. Yes, that is significant and worth mentioning, I'd say.
Caesar:Cars people have ordered aren't being built, parts aren't moving, schedules are chaos.
Chloe:They initially hoped to restart fairly quickly, maybe by September 15th, but that didn't happen. The shutdown kept getting extended.
Caesar:Staff said to not come back until at least Wednesday of the following week, after the 15th or so.
Chloe:A thousand cars a day not being built is staggering. What's the financial fallout and what about the wider economic impact? It can't just be JLR feeling this. I'm sure there is a wider impact.
Caesar:You are right. The financial costs are piling up at an incredible rate and they are immense.
Chloe:One former industry executive estimated these factory closures alone could be costing JLR up to 5 million pounds a day in lost profit.
Caesar:It's a really stark example of how a digital attack can have a profound physical impact on industry.
Chloe:£5 million every day is an awful lot for any company to swallow.
Caesar:It is. Every single day the lines are stopped. For a company like JLR, that's a huge hit to their bottom line, their plans, everything.
But like we were chatting, it doesn't stop there. The disruption just cascades down from there. Think of all the suppliers who provide parts to JLR.
Some of them, like the smaller businesses, who are reportedly now worried about bankruptcy because their main customer just stopped ordering. And then there are the retailers in the dealerships relying on those cars and parts. It's a massive ripple effect.
Chloe:It really makes you think about what the real cost is. I remember Ciaran Martin, the former head of the UK's National Cyber Security Centre, made this really interesting point about attacks like this.
He basically said that for a company like JLR, data theft is bad, but stopping them from making cars is the critical thing.
Caesar:Yeah, he used this incredibly powerful analogy that really sticks with you. He argued that data theft is kind of like photocopying your bank records.
It's bad, it's worrying and could lead to problems, but it doesn't immediately stop you functioning day to day. But an operational shutdown like JLR is facing is like being punched in the face and having your legs broken.
Chloe: iscontinuing production until: Caesar:We did that.
JLR did have some car production happening and the difference is too whether the production has stopped because JLR decided to do so, or someone else halted it. Like the punch in the face, broken leg scenario.
Chloe:If JLR, or any company for that matter, decides to halt production, you can be sure that they have at least discussed and/or considered the ramifications that we have discussed here. But in this cyber attack, they did not have a chance. They were not given the chance.
Caesar:And what you are saying here, Chloe, raises a fundamental question for you, our listeners.
We focus so much on protecting customer data, legally and publicly, and that's vital, don't get me wrong, but is a company's basic ability to just operate, to do its core business, like making cars in this case, equally critical?
Chloe:Maybe even more so in the immediate term, Caesar.
And that's such a key distinction because if the main focus legally and maybe in boardroom thinking is still on avoiding the photocopied records scenario, data breach fines, reputational hits from data loss, our companies may be underinvesting in preventing the punch in the face, broken leg scenario. The total operational halt.
It feels like there might be a mismatch going on here.
Caesar:I think there often is a mismatch. The regulations like GDPR heavily penalize data loss because it directly harms individuals. That is appropriate and right.
But for the business itself, especially manufacturing, being unable to do anything is potentially existential. So the shift needs to be towards operational resilience. It has to be just as important as data security.
That means investing not just in firewalls to keep people out, but in designing systems that can withstand these types of hacker attempts and be impervious to them.
Chloe:Manufacturing companies need to consider how they can set up critical operations like the factory floor operations in a way that can be isolated if the main IT network is hit. It means having real tested business continuity plans, offline backups, manual overrides for essential processes, etc.
Caesar:When I was talking to Deborah and she was talking about business continuity in the financial industry where her expertise lies, she mentioned that the manufacturing companies need ways to keep going even if they are limping.
Chloe:She said you could do that by designing systems to fail gracefully or run in a degraded state rather than a total collapse. Look at the M and S attack again. It cost £300 million, mainly because it stopped their online sales for six weeks.
That operational paralysis was financially devastating even without massive data theft headlines.
Caesar:But using the approach Deborah suggested and implemented in her cases as Chief Technology Officer, as it relates to the financial industry, the company would have gracefully survived and the losses would have been minimized.
Chloe:Okay, so shifting back to the data aspect for a moment here. Now that data theft is confirmed, Robert Cottrell at ANS said the level of severity definitely stepped up in this case.
So why is the car industry such a juicy target for groups like these scattered hackers?
Caesar:Well, it's kind of a perfect storm. Unfortunately, the auto industry holds these vast stores of customer, supplier and employee data. Just think about it.
When you buy a car, there are all your details. Then there's all the design data, the complex supply chain, logistics, payment info, employee records, and the list continues.
It's a goldmine of data, am I right?
Chloe:Yes, you are, Caesar. There are huge amounts of valuable information.
Caesar:It makes it incredibly attractive for criminals who want to sell that data on the dark web. Plus modern cars are basically networked computers and they're connected to these really complex manufacturing systems and digital supply chains.
The attack surface is an. And as John Abbott from ThreatAware pointed out, confirming that data was stolen isn't just a technical footnote. It seriously damages the brand.
It hits customer trust relationships, and that's hard to rebuild.
Chloe:Good point, Caesar. I hadn't thought about cars as networked computers. Excellent illustration.
So, for individuals then, for you listening, if your data might have been part of a breach like this at JLR or anywhere else, what does that actually mean? What should you be looking out for in this situation?
Caesar:For starters, Darren Williams at BlackFog made a crucial point. Data exfiltration, stealing data, is now the primary activity of these ransomware gangs. It's often the main goal, even more than ransom sometimes, because that stolen data is valuable.
It can be sold, used for identity theft, or used to launch compelling targeted attacks later on after this event.
Chloe:Like phishing emails as another one.
So it isn't about the money that they could get, like the ransomware, as you said, but the sort of investment in that data that could keep giving in the ways that we have mentioned going forward. Wow, I guess I hadn't thought of it that way.
Caesar:That is because you are not a criminal, Chloe. That data is not theirs to steal, so they shouldn't be thinking about it that way.
But they do, because they are criminals and have no problem stealing what does not belong to them.
Chloe:As far as phishing emails, imagine getting an email that looks exactly like it's from JLR. Maybe mentioning your car model or a recent service, asking you to click a link or provide some info.
Much easier to fall for if they have your real details.
Caesar:So John Abbott's advice is spot on. Customers need to be extra vigilant for phishing attacks or scams.
Be suspicious of any unsolicited emails or messages asking for sensitive information. Even if they look legit, always verify through official channels before clicking or sharing anything.
Chloe:So, pulling all these threads together, the operational chaos, the data theft, the sophisticated attackers, what's the big lesson here? How should businesses, especially right at the top, be rethinking their approach to cybersecurity?
Caesar:Now, I think Dominic Holden, a director at the law firm Lawrence Stephens, really hit the nail on the head. His point was cybersecurity is no longer just an IT problem. It is a boardroom issue, full stop.
Chloe:Deborah agrees and always has and has tried to get the powers that be to see that point for 25 years.
Caesar:This can't just be delegated down to the tech team and forgotten about. On the board level or the leadership, they must demand robust planning. They have to allocate proper resources, money, people, time.
And critically, they need to make sure incident response plans are actually rehearsed regularly, like a fire drill, not just a plan sitting on a shelf.
Chloe:Oh yes, I remember Deborah talking about that and how insistent she was about disaster recovery planning and the business continuity plan. And she put that into action along with the drills, etc. at both places where she was the Chief Technology Officer.
I remember her saying that her underlings did not necessarily see the importance, but when the companies were praised by the SEC, they were impressed by Deborah's work.
Caesar:Exactly. That proactive approach, really embedding it in the business strategy is the only way to minimize the damage, financial and reputational, when, not if, an attack happens.
It signals a fundamental shift. Cyber risk isn't just technical, it's core business risk now. It needs managing, just like finance or operations.
Chloe:So this JLR cyber attack, it's really more than just another news item, isn't it? It feels like a stark case study. It highlights this dual threat for modern cybercriminals.
They can cripple your core operations, stop you making things and steal your sensitive data.
Caesar:It really underscores how the landscape has changed. Attackers, like these scattered hackers, are sophisticated and have reach. They have a clear business model. It involves disruption and data theft.
The JLR incident just screams that businesses need a holistic security strategy. You have to protect the data, yes, but you absolutely have to build resilience into your operations too.
The line between a digital breach and physical shutdown is getting incredibly thin.
Chloe:This discussion today really shows how in this hyper connected world, a digital problem can literally stop a massive global company like JLR in its tracks. It's a wake up call, perhaps, that the biggest threat might not always be the one getting the most headlines.
Caesar:And that brings us back to that analogy and maybe a final thought for you, our listeners, and for every organization out there.
If a cyber attack can genuinely be like being punched in the face and having your legs broken operationally, are companies really prioritizing that operational resilience as much as they prioritize data protection?
Chloe:Or is the focus driven by fines and headlines about photocopied records potentially overshadowing the immediate crippling impact that could actually stop the business dead?
Caesar:How do you truly prepare for an attack that isn't just trying to steal from you, but trying to stop you from doing anything at all? Something to think about, eh?
Chloe:So true, Caesar. Great chatting with you about this. I cannot wait to let Deborah know about all that we discussed here.
Caesar:In the meantime, I hope all of you, our wonderful listeners, have a fabulous week, actually several weeks. And we hope to see you in our next episode of Black Beauty Jag.
Chloe: er a holiday and next season,:And thank you for listening and spending time with us here at Black Beauty Jaguars.