Ex-GCHQ chief: No company should be offline for weeks after cyberattack
No vigilant company should need to go offline for more than a few days after a cyberattack, the former director of GCHQ has said in comments that will pile fresh scrutiny on Jaguar Land Rover’s (JLR) preparedness before its hack left production at a standstill for over a month.
Robert Hannigan, who ran the UK government’s blue-chip cybersecurity agency for three years, told City PM that even when an attack gets through a company’s defences, “it doesn’t need to paralyse the company for weeks and months”.
“It is perfectly possible to build the right prevention defences and then build the right resilience,” he said.
“And although the companies that get hit in the headlines are big names, there are thousands of companies who are protecting themselves every day, and even if an attack gets through, they are back up and running quickly. So we tend to focus, understandably, on the disaster, but there are plenty of companies doing the right thing every day, and so it’s not impossible at all.”
The comments from one of Britain’s pre-eminent cyber security experts threw into sharp relief the resilience at some of the UK’s most renowned blue-chip firms, after cyberattacks forced the likes of Marks and Spencer, JLR and the Co-op to halt core business lines for weeks.
Firms should not expect government cyberattack support
JLR remains in the throes of its response to a crippling attack, which has left it unable to restart production over a month after news of the attack became public.
It has also forced the government to unveil a taxpayer-backed loan in a bid to prop up the dozens of firms and hundreds of thousands of workers that make up JLR’s sprawling supply chain.
The Tata-owned company said on Monday that it hoped to partially restart operations “within days”. But Hannigan said there was “absolutely no need for a major company to be taken offline for weeks or months” in the way JLR has been. But it still faces mounting questions of the extent and efficacy of its cyber defences, after it outsourced much of its computer systems to its owner’s sister company, Tata Consultancy Services.
JLR’s attack is just one of a string of household name businesses whose operations have been ground to a halt in the wake of a vast proliferation of malware or ransomware attacks.
Brewing giant Asahi, which owns Peroni, Grolsch and London Pride, is also responding to an attack of its own that has reportedly left it days away from running out of beer in its native Japan. And M&S was forced to announce a £300m write-down after a devastating cyberattack disrupted its services for weeks.
Hannigan – who is now warden of Wadham College, Oxford – added that while he supported the government’s decision to support JLR’s suppliers with a taxpayer-backed commercial loan, bosses should not expect ministers to intervene habitually.
“Government… can’t protect every company,” he told City PM at the Global Cybersecurity Forum. “They can focus on government and critical industries – utilities for example – but they can’t do it for [everyone]. That’s up to boards and companies to do it themselves with advice from government.”
A spokesman for JLR said: “As the controlled, phased restart of our operations continues, we are taking further steps towards our recovery and the return to manufacture of our world‑class vehicles.
He added: “We continue to work around the clock alongside cybersecurity specialists, the UK government’s NCSC and law enforcement to ensure our restart is done in a safe and secure manner.”