
Cyberattacks that affect business continuity are a critical threat to companies


Companies in multiple sectors have suffered cyberattacks that affect business continuity and cause serious economic and reputational damage

Cybercriminals can be faster than the world’s most powerful cars. Just ask Jaguar Land Rover (JLR). This UK car manufacturer suffered a security incident that undermined its business continuity and forced it to halt car production for a month.

This incident is not anecdotal. Cyberattacks that affect business continuity are a real threat.

In fact, cyberattacks that affect business continuity are increasingly being made public, as they can paralyze companies’ operations or disrupt essential services—for example, sales management or logistics.

Below, we will address key aspects of cyberattacks that affect business continuity and break down the cybersecurity services essential to preventing, detecting, and mitigating their impact.

1. What criminals are looking for in cyberattacks that affect business continuity

Malicious actors typically gain unauthorized access to company systems, often through social engineering targeting managers, employees, or suppliers.

Once inside, their goal is to obtain valuable information: intellectual and industrial property, confidential strategic documents, financial information, personal customer data, supplier contracts, etc. For example, in the incident affecting Jaguar Land Rover, the company has acknowledged that attackers stole some data.

In many cyberattacks that affect business continuity, malicious actors deploy malware on corporate systems, often ransomware, as happened in August to the US pharmaceutical company Inotiv. To what end? To extort companies by demanding they pay a ransom if they want to recover their information and prevent it from being publicly leaked or sold on the Dark Web.

By paralyzing a company or disrupting its basic services and operations, cybercriminals increase pressure on the company, which may decide to pay the ransom after the cyberattack, even though experts and public authorities strongly advise against it.

On the other hand, we cannot ignore the fact that state-sponsored criminal groups (Russia, North Korea, Iran, etc.) can launch cyberattacks that affect business continuity with the aim of paralyzing the operation of companies and critical infrastructure in essential sectors such as energy or drinking water management.

2. Containing the attack requires disconnecting corporate systems

It is important to note that in many cyberattacks that affect business continuity, companies disconnect their systems as a basic measure to isolate malicious activity, contain security incidents, and expel hostile actors.

However, reconnecting systems is not a simple task and cannot be done lightly. It is arduous work that involves incident response experts and can take days or even weeks.

This summer, United Natural Foods, a US company that supplies Amazon’s food division and thousands of supermarkets in North America, suffered a security incident that affected its electronic order management, billing, and payment systems, forcing it to manage them manually.

It took the organization 10 days to restore its main systems and even longer to recover other, less critical systems and return to full normalcy.

It took a similar amount of time for Bridgestone Americas, a leading tire company, to return to normal operations at several of its factories after an incident disrupted its operations.

Clearly, the longer it takes to manage the incident and recover full operability, the more serious the consequences will be, especially from an economic standpoint.


3. The industrial sector is particularly vulnerable to cyberattacks that affect business continuity

Cyberattacks that affect business continuity can impact all economic sectors.

However, they are particularly critical for industries such as automotive, food, and steel.

Why? The entire productive fabric has undergone significant technological changes over the past few decades, but the robotization of manufacturing processes and the use of IIoT (Industrial Internet of Things) devices have revolutionized the industrial sector in particular.

In addition, cyberattacks against industries put cutting-edge industrial and intellectual property worth millions of euros at risk.

Criminals are aware of the extensive technological infrastructure of industries and what they can gain by attacking them. Therefore, it should come as no surprise that they focus on operational technology (OT) and industrial control systems (ICS). Why? These systems automate, manage, and control industrial processes. So, if their operation is disrupted, companies’ production lines are paralyzed.

At the beginning of this article, we mentioned the incident suffered by JLR, but we don’t have to look that far, nor think only of large multinationals that employ thousands and thousands of workers.

This September, in Spain, the steel company Aceros Olarra suffered a security incident that forced it to halt steel production for days. A week after the attack, the factory began to resume operations and gradually brought its workers back.

4. Consequences of cyberattacks that affect business continuity

The impact of cyberattacks that affect business continuity is enormous. For example, cleaning products company Clorox estimated the damage from an incident that disrupted its business continuity in 2023 at $380 million. What are the consequences for companies that suffer incidents that affect their business continuity?

  • Investing in hiring a team of cybersecurity experts to orchestrate a response to the incident, restore normality, and investigate what happened.
  • Reputational crisis with consumers. When cyberattacks that affect business continuity are made public, the media will inevitably report on these incidents. Therefore, it is important to incorporate crisis communication into business continuity plans.
  • Inability to fulfill agreements with suppliers and customers. If production, logistics, or marketing systems are paralyzed or disrupted, companies cannot supply their customers, and relationships with their suppliers may also be undermined.
  • Labor costs and tensions. Cyberattacks that affect business continuity to the point of interrupting production have a direct impact on workers. For example, Jaguar Land Rover had to send its workers home because it was unable to produce its cars. Meanwhile, Aceros Olarra had to agree with its workers to bring forward flexible working days to compensate for the days when steel could not be produced.
  • Shortages of products or interruption of services. Cyberattacks that affect business continuity for several weeks can lead to a scarcity of the products manufactured by companies or prevent them from providing their services.
  • Decrease in sales. United Natural Foods estimates it lost $400 million in sales due to the cyberattack that forced it to disconnect its systems.
  • Loss of business value. For example, the technology company Smiths Group fell 2% on the stock market after reporting an incident that caused some of its systems to be disconnected.
  • Compliance with legal obligations. In many cases, companies are required to report to public authorities any cyberattacks that affect business continuity or that may have resulted in access to the personal data of customers or employees. In addition, some of the largest data protection fines originate from this type of serious incident.

5. DORA and the future Cybersecurity Law focus on business continuity plans

Our regulatory framework is placing increasing importance on the business continuity of companies that suffer security incidents.

On the one hand, the DORA regulation, which affects companies operating in the European financial sector, aims to improve their cyber resilience, which undoubtedly involves safeguarding their business continuity in the event of a successful cyberattack. Thus, organizations must:

  • Approve and periodically review their business continuity and disaster recovery plan.
  • Implement an ICT risk management framework that allows them to guarantee business continuity.
  • Test their business continuity and disaster recovery plan once a year.

On the other hand, the draft Cybersecurity Law, which will be approved in the coming months to transpose the NIS2 directive into Spanish law, also focuses on business continuity.

This regulation will require companies in critical sectors (energy, transportation, health, food, etc.) to implement security measures, such as backup management, disaster recovery plans, and crisis management, to ensure business continuity.


6. How to prevent and detect cyberattacks that affect a company’s business continuity

To prevent security incidents from undermining a company’s operations and affecting its business continuity, it is essential to have cybersecurity services that increase the security posture of organizations:

  • Social engineering testing. As noted above, malicious actors are increasingly using sophisticated social engineering techniques to gain access to company systems. Therefore, it is crucial to conduct social engineering tests to train staff and managers and raise awareness of the risks posed by techniques such as phishing.
  • Continuous security audits that combine automated tools with expert analysis to detect attacks early.
  • Vulnerability management to carry out exhaustive monitoring of vulnerabilities in the company’s technological infrastructure and prioritize their mitigation based on their level of criticality and impact on the business.
  • Red Team. In particularly sensitive sectors, such as finance, or in industries with ICS systems, it is essential to conduct Red Team exercises to test the organization’s resilience to complex, large-scale attacks, identify areas for improvement, and train defensive teams through 100% realistic simulations.

7. Proactive incident response to deal with cyberattacks that affect business continuity

While the cybersecurity services listed above are important, it is even more critical to have a proactive incident response service. Why? In cyberattacks that affect business continuity, reaction time and the preparatory work done to minimize incident impact are essential.

Unlike reactive incident response services, which only begin to work once the attack has been detected, proactive services carry out their tasks continuously and, before any incident occurs, have already performed the following on a regular basis:

  • Readiness Assessment to deploy the response team immediately.
  • Compromise Assessment to facilitate the identification of malicious activity.
  • Incident simulations to optimize the response to real incidents.
  • Threat analysis to identify threat actors and take measures to prevent successful incidents.

In addition, proactive incident response teams are also specialists in developing and optimizing incident response plans that help companies anticipate hostile actors and respond with maximum efficiency and speed to:

  • Identify the scope of the compromise and expel hostile actors present in corporate assets.
  • Minimize the impact of cyberattacks on business continuity.
  • Restore normal operations as quickly as possible.
  • Investigate the incident, identify the weaknesses that malicious actors exploited, evaluate the effectiveness of security mechanisms, and propose improvements to prevent similar incidents in the future.

In short, cyberattacks that affect business continuity are becoming increasingly common. Most of the examples we have used in this article are from the last two months. Above all, it is important to bear in mind that these incidents generate significant economic losses that are a multiple of the cost of investing in a robust cybersecurity strategy to safeguard business continuity.