Boosting Cybersecurity in Manufacturing: Lessons from JLR

The Jaguar Land Rover (JLR) cyberattack serves as a critical lesson for those in the manufacturing sector.
This attack forced the shutdown of JLR's IT systems, impacting production processes not just in the UK but globally.
The incident resulted in a significant production halt, affecting around 33,000 employees with consequences that are likely to carry on into the coming months.
The breach caused interruptions in manufacturing operations and parts supply, while also exposing sensitive company data.
The cybercrime collective known as Scattered Spider took responsibility for the attack, which sheds light on the increased vulnerability of manufacturing industries to such threats.
The Tata-owned carmaker is reportedly incurring losses of approximately £5m (US$6.8m) daily due to the disruption.
Dr Darren Williams is the Founder and CEO of BlackFog. He speaks to Manufacturing Digital about what the JLR incident has taught the industry, and how companies can better protect themselves from these sorts of threats.
What makes data exfiltration such a powerful tactic for groups like Scattered Spider compared to traditional ransomware encryption methods?
Since all attacks involve some form of data exfiltration, it became very clear that we can effectively prevent an attack by stopping it.
If there is no data breach, there is no extortion and nothing for a cybercriminal to leverage.
While encryption was often used in the early days, it became a constant game of cat and mouse, eventually becoming easy to defeat.
How can organisations like JLR strengthen defences specifically against the risk of data being stolen rather than just encrypted?
Encryption is used in very few attacks today, whereas data exfiltration is used in 95% of attacks (BlackFog Q2-2025 Ransomware Report).
Interestingly, most organisations are so focused on watching the front door they neglect to watch what is leaving the building.
Most organisations don’t even monitor data exfiltration at all, let alone protect against unauthorised data loss.
Anti Data Exfiltration (ADX) technology focuses precisely on this problem and includes insider threat protection, user behaviour monitoring and AI-based attacks.
What are the potential long-term consequences for automakers and their customers when sensitive data is exfiltrated in attacks like this?
Extortion has very wide implications for companies, not only from the perspective of customers’ private information, but corporate trade secrets and reputation.
The implications are far-reaching and can often take years to recover, especially when you consider not only the direct costs of remediation, but also the regulatory and legal problems that often follow from the government and class action lawsuits.
In fact, a recent report from IBM suggests that only 30% of the costs come from the attack itself.
Given Scattered Spider’s past methods, what indicators should enterprises watch for to detect a breach before large-scale exfiltration takes place?
Monitoring user behaviour using AI-based activity monitoring is an important part of the detection regime embedded in these new ADX-based tools.
Watching what processes are running, how they are being used and what they are sending provides important clues about an attack.
It is also important to monitor network traffic over time using new AI-based detection logic to ensure that there is no latent activity within the network.
How do you see ADX evolving as part of enterprise cybersecurity strategies in critical industries such as automotive manufacturing?
Enterprise cybersecurity is a multi-layered approach by design and needs to consider multiple security approaches. It wasn’t long ago that most organisations considered a firewall more than sufficient.
Perimeter-based approaches using firewalls and EDR tools are no longer sufficient to combat modern AI-based threats that can adapt to these static approaches. In fact, many attackers are now training against these commercial solutions and disabling them as soon as they breach the device.
We see ADX as an important new strategy to disrupt attackers’ kill chain on many different levels and ultimately prevent extortion and data breaches in real time.
This also has the benefit of ensuring data compliance by reducing the likelihood of sensitive data leaving the organisation.
If we have learned anything, it is that threats are constantly evolving and advances in AI have only accelerated the effectiveness of attacks – therefore, so must your defences.

