The Toyota data breach announced by the Japanese car maker on Friday highlights the need for cybersecurity capabilities beyond those possible by humans alone, cybersecurity experts have said.
The breach – the second reported by the company in just five weeks – saw hackers gain access to Toyota’s IT systems containing the sales information of up to 3.1 million customers.
The car marker is currently in the process of determining exactly what information was accessed and how many customers have been directly affected.
For cybersecurity experts, the latest Toyota data breach underscores the importance of continuous vigilance by major companies.
“While Toyota indicates they are now performing an audit of their systems, this attack and Toyota’s response highlight a need for continuous monitoring beyond reviews performed following an incident or as part of an annual review process,” said Tim Mackey, senior technical evangelist at Synopsys.
“Threat landscapes are continually shifting, as are regulations. Additionally, while large multi-national companies present a sizable target for attackers, an organisations size has no bearing on the success of its security practices as evidenced by the scope of large-scale data breaches within the last 18 months.”
Toyota data breach highlights need for intelligent cybersecurity solutions
For many, this cannot be achieved by humans alone – particularly given the scale of IT systems involved.
“Toyota’s recent data breaches highlight the fact that global enterprises do not have ample visibility into their massive networks and infrastructure, and therefore are not able to take proper actions to avoid data leaks,” said Jonathan Bensen, CISO and senior director of product management at Balbix.
Instead, organisations are being encouraged to embrace automation in cybersecurity in order to augment the work of their human employees.
“To prevent future incidents, Toyota must take into consideration the fact that analyzing and improving enterprise security posture is no longer a human-scale problem—especially for such a large enterprise,” said Bensen.
“To best combat cyber threats, global organisations must implement security tools that use machine learning and automation to monitor their enormous attack surfaces and vast IT asset landscape to proactively identify and address security vulnerabilities to mitigate the risk of future breaches.”
“Global organisations must balance their use of modern technologies (i.e. public cloud, containers, hybrid infrastructure, etc.) that are essential for maintaining a competitive market stance with the need for proper security controls,” added Chris DeRamus, CTO of DivvyCloud.
“Leveraging automated security solutions that allow for seamless and continuous policy enforcement provides companies with the framework to successfully reduce risk and maintain compliance across their entire environment.”