Toyota Australia, the number one car brand in Australia, confirmed on 21 Feb 2019 that the company was 'attacked' by hackers.
What did the company do following the discovery of the attack?
GO OFFLINE IMMEDIATELY.
This is the 4th reported case where an entity went offline following a cyber breach. Saudi Aramco and the governments of Singapore and Australia were the other 3 reported cases, each going offline immediately following an attack on their computer systems. Going by these reported cases, this seems to be the preferred solution among organisations and nation states.
We are of the view that going offline is a drastic action and should NOT be the preferred solution for organisations that have been attacked.
In cases where the virus has already ‘entered’ the computer systems - which is how an organisation would have discovered the breach - shutting down the systems carries long-term implications for the business which no one has managed to quantify to date. Worse, these implications might not be apparent now but would become known months or years down the line.
These implications could include the possibility of the supply chain being compromised as a result of the breach. This is a high possibility, considering that some of the organisations in the supply chain are SMEs that don't treat cybersecurity as critical.
Very little has been said about the loss of data that follows every breach. Data would inevitably be lost after every breach. How much is lost? That depends on the cybersecurity measures the organisation put in place before the breach. Even if the system is fully restored after a breach, the organisation would never be able to recover 100% of the data it held prior to the attack.
The solution is that it is always better to build your cyber resilience and adopt proactive measures to monitor and defend against cyber attacks than to resort to the drastic action of going offline.