On June 8, 2020, Honda posted on Twitter that Honda Customer Service and Honda Financial Services were experiencing technical difficulties and were unavailable. Lo and behold, another big company has been hit with a cyber-attack, and unfortunately Honda had to temporarily halt production in several plants around the world. The cyber-attack is said to have targeted Honda’s internal servers but the exact details have yet to be officially released. As a Honda owner myself with Honda Financial Services as my loan provider, I only hope that Honda did their part in ensuring the security of their data via cybersecurity controls like encryption. Yes, I understand that cybersecurity is not absolute but that does not mean we should make the job easier for the attacker. While it’s unclear if the attackers stole any data or files, we should all definitely be keeping an eye out for any new information.
So far Honda has issued a statement to the public that there has been “minimal business impact”, and we all eagerly wait for more details. To their benefit, Honda was able to resume production on Tuesday, the next day after the attack. This shows the importance of having an incident response plan along with a disaster recovery plan. The ability of Honda to be back up and running as quickly as they were able to tells us that their incident handling procedures are decently built out. Can you imagine if Honda was unable to resume production for more than a week? Not only would that be a monetary loss, but Honda’s reputation would also take a hit. Customers would lose trust and be more skeptical to do business with Honda.
Having an incident response plan and a disaster recovery plan is like having insurance. You never want to use them but when an unfortunate event does occur, you’re sure glad to have them to be ready to take the necessary actions needed to recover from an attack successfully with the least amount of impact to the business and to your customers.
Incident Response Plan Vs. Disaster Recovery Plan
Many times, those unfamiliar with cyber security and/or information technology often confuse these two terminologies. In simple terms, an incident response plan speaks to the actions that an organization would take when responding to a security incident. This includes the following steps: Identification, Containment, Eradication, Recovery, and Lessons Learned. All incidents should be documented as well, so organizations should develop a solid Incident Response Reporting Template. A disaster recovery plan describes how to resume business functionality as fast as possible in response to a disaster that causes business function to halt . A disaster could be a natural disaster such as a fire, a flood, a tornado, or a cyber attack that results in disruption to an organization’s operations. It is good cyber practice to have both documents preferably separate however they should not be created independently without consideration of the other.
As seen from Honda, one of many companies that have faced cyber attacks, cyber security continues to be ever so important for businesses of all sizes to implement no matter what kind of services they offer. Cyber security needs to be a part of the conversation from the very beginning, not only is this cost saving but it is also headache saving.
If a gigantic company like Honda can fall to an attack, what makes your business any safer? If you realize how much danger we all are facing on the Internet and you are ready to step up your business’ cybersecurity, schedule a free consultation now at the link below and let us help you figure out where you can improve: