Cyber Attack Impacts Entire Economy

Cyber attacks are getting bolder. 2025’s big story was the UK attack on Jaguar Land Rover (JLR), which not only crashed the company for several weeks but also crashed its entire supply chain. impacting the wider UK economy with damage exceeding 1.9 billion GBP (3.5 billion CAD). This is nothing short of economic warfare. Some attackers are designing their hacks to look ‘normal’, evading malware checks and letting them in to break equipment or processes.

By Peter Aggus

Peter is a technology management consultant who specializes in security and radio systems. He has developed innovative & cost-effective solutions for clients in many industries.

Who is at Fault?

Cyber attacks are often seen as IT’s responsibility – something that IT should somehow ‘deal with’. For sure, IT can, and does, implement robust technical protections to minimize the risk and impact of brute force cyber penetration.

Part of the IT response is the creation and use of backups. Unfortunately, backups are only of value if they work and are themselves clean of malware. Since you likely do not know precisely when the hack took place, you can have no confidence that any of your recent backups are clean. A number of recent hacks have taken much longer to repair because the daily and weekly backups were themselves infected by the same malware.

In the limit, every computer may need to be painstakingly rebuilt from a ‘bare metal’ start – meaning that the disks had to be completely scrubbed and loaded with clean operating systems and programs, all of which needed configuring. And don’t forget the IoT systems, HVAC, fire control, etc.

Jaguar Land Rover, their IT service provider, and quite probably London Drugs in 2024, were well protected from a technical standpoint. However, newer attacks are more insidious and exploit human weaknesses, as shown in our article Are You Being Sold Out By Your Own People?. These ‘human risks’ cannot be solved by technical solutions nor by the IT Department alone.

Designing for Unexpected Risks

System and security designers assume that a process they design will be executed the way it was intended. A parts-ordering process should only request the number of parts required, but if the design allows it, hackers could order far too many parts and cause huge economic harm.

If you are designing a water supply system, you might reasonably expect that the pump speeds would match the required flow rate – but what if they didn’t? Back in 2010, a small fragment of computer software (a worm) called Stuxnet was introduced to computers in Iran – a country suspected of planning to produce enriched uranium for nuclear weapons. The enrichment process used a centrifuge to separate isotopes of uranium. Technically, Stuxnet, just 500k bytes in size, was introduced to Iran via workstation computers. The ‘payload’ deployed changed the settings on the centrifuges to cause them to run so fast that they destroyed themselves. This was the first known deployment of a cyberweapon.

IT managers can deploy antivirus software to look for Stuxnet and other known malware. The best software will even look for the characteristic used by Stuxnet to identify similar malware. But the bad guys know that as well – and they are developing stealth code that does not ‘look bad’ to security systems.

The Way Forward

Identifying malware is one important facet of defence. But it is not the best to rely on. We only found out about Stuxnet after its use – which is too late for the first target. Instead, we need to out-think them to stay one step ahead – and that is a continuous process that requires serious and ongoing investment – and not just in IT.

When a multi-disciplinary team reviews software-controlled business processes, it is surprisingly easy to think like hackers to identify where the processes, not just the IT systems, are potentially open to attack. If your business has a vulnerability, then someone at some point will find a way to exploit it.

You should always have checks in place to identify when routine actions become abnormal – such as when payments do not match purchases, or when orders for parts do not cross-check with predicted demand. These checks should complete a real-time audit loop to verify that actions are always as predicted.

Every process should also have a ‘Plan B’ – how can you make the process work if the normal systems are defective. For example, you should be able to process inbound and outbound payments even if the normal IT systems, such as EFT and POS, are down.

These steps will allow you to both identify a hacker intrusion and to continue working around the defect while your experts work at repair. Yes, it will cost money – probably lots. But consider how much JLR lost in revenue by being dead in the water for several weeks. Think of that investment more like insurance – something you hope to never use but, if you do need it, you will be glad you had it.

If you’d like to discuss Cyber Attack risks, or to comment on this article, please email me at peter.