
Cyber security – It’s no longer a matter of IF but WHEN! Are you prepared for an attack?
22 July 2025
Got Holes in Your SOC? Why a Security Health Check is Non-Negotiable in 2025
9 October 2025
The digital battleground has claimed another high-profile casualty. This month’s cyberattack on automotive giant Jaguar Land Rover, which has brought production lines to a standstill, is the latest in a series of disruptive incidents that have recently impacted the biggest household names, including Marks & Spencer and the Co-op.
These events prove that big budgets and advanced detection systems are no guarantee of immunity. The immediate need to contain and isolate a threat can, in itself, trigger a cascade of disruption, halting operations and threatening the livelihoods of thousands of employees while fracturing the supply chains that millions of consumers depend upon. In the current economic climate, these sorts of attacks might not be business-ending for the company that has been targeted, but they can have a profound impact on the survival of some of the smaller players further down the supply chain.
For Jaguar Land Rover, estimates point to a daily production loss of 1,000 vehicles, with forecasts of the shutdown continuing into November and weekly revenue losses spiralling into the tens of millions.
Though organisations often remain silent on the specifics of a breach, the universal takeaway is clear: the question has shifted from “if” an attack will happen to “when.”
This presents a challenge that every board must face: how to defend against a relentless threat with a finite budget. It is the question our clients bring to us most often: How can we strengthen our defences, and how can we build the resilience to neutralise an attack and recover with maximum speed and minimal damage, all while safeguarding our most critical data assets?
Our security philosophy is structured around three core pillars: advanced technology, human expertise, and proactive strategy. In the sections that follow, we will explore each of these pillars and provide the key questions every organisation should be asking to fortify its cyber resilience.
Strengthening Technical Defences (Don’t leave the windows open)
This involves implementing robust security technologies and architectures to make it harder for attackers to penetrate systems.
- Advanced Endpoint Protection: Deploy Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) solutions. These go beyond traditional antivirus by monitoring endpoint and network events to identify, detect, and respond to threats like ransomware and malware in real-time.
- Network Segmentation: Divide the corporate network into smaller, isolated segments. This is crucial for containing a breach. For a manufacturer like JLR, this means creating a strict separation between the corporate IT network and the Operational Technology (OT) network that runs the production line. A breach on the IT side should not be able to pivot to the OT side and halt production.
- Zero Trust Architecture (ZTA): Operate on the principle of “never trust, always verify.” This means every user and device must be authenticated, authorised, and continuously validated before being granted access to applications and data. This mitigates risks from compromised credentials, a common entry point for attackers.
- Robust Identity and Access Management (IAM):
  - Multi-Factor Authentication (MFA): Implement MFA across all critical systems, especially for remote access, VPNs, and privileged accounts. This is one of the most effective controls against credential theft.
  - Privileged Access Management (PAM): Strictly control and monitor accounts with elevated permissions (e.g., domain administrators). These are high-value targets for attackers.
- Email, Web & Unified Communications Security: Utilise advanced email filtering solutions that can detect and block phishing attempts, malicious attachments, and spam. Web security gateways can prevent users from accessing malicious websites. Unified communications channels are increasingly being used to target users in phishing and vishing campaigns because they are newer technologies that have not yet been fully embedded into many of the filtering products on the market.
- Regular Vulnerability Scanning and Patch Management: Organisations are increasingly moving away from relying solely on annual or bi-annual penetration testing. Continuously scan for vulnerabilities in all systems, applications, and network devices. Prioritise and apply patches promptly, especially for critical, internet-facing systems.
- Asset Management: A lot of organisations continue to conduct asset management manually, which leaves room for error; assets can easily be lost or forgotten about. Cyber security asset management works hand in hand with vulnerability management. You are only halfway there with vulnerability management if you have assets on your estate that you don’t know about, as these will likely be unmanaged, unmaintained and unpatched. Cyber security asset management is a great way to scan your entire network, de-duplicate asset data from all of your portals and get a clear picture of what exists on your network.
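The de-duplication and coverage-gap check described in the asset management point above, as an added example (not code from the original article or from Darwin Technology Solutions). The three CSV exports are constructed sample data standing in for what you would pull from an EDR console, a vulnerability scanner and a DHCP or CMDB source; the column names, hostnames and MAC addresses are assumptions. Assets are keyed on a normalised MAC so that differences in case, separator and FQDN-versus-short hostname across tools do not produce duplicates, and any asset not seen by every required tool is reported as a coverage gap.

```python
"""Reconcile asset exports from several security tools and report coverage gaps.

Added example, not code from the original article. All sample data below is
constructed; the CSV column names are assumed, not taken from any real product.
"""
import csv
import io
from collections import defaultdict

# Constructed sample exports. Hostnames and MACs deliberately differ in case,
# separator and FQDN form, which is what defeats manual de-duplication.
EDR_EXPORT = """hostname,mac,last_seen
WS-0412.corp.example,00:1A:2B:3C:4D:01,2025-10-01
ws-0413,00:1a:2b:3c:4d:02,2025-10-01
plc-gateway-1,00:1A:2B:3C:4D:10,2025-09-30
"""

VULN_SCAN_EXPORT = """host,mac_address,critical_vulns
ws-0412,00-1A-2B-3C-4D-01,0
ws-0414.corp.example,00-1A-2B-3C-4D-03,3
plc-gateway-1,00-1A-2B-3C-4D-10,2
"""

DHCP_EXPORT = """name,mac
ws-0412,00:1a:2b:3c:4d:01
ws-0413,00:1a:2b:3c:4d:02
ws-0414,00:1a:2b:3c:4d:03
hmi-line3,00:1a:2b:3c:4d:11
"""


def normalise_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated MAC so every source keys the same way."""
    hexdigits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def normalise_host(name: str) -> str:
    """Short lower-case hostname: 'WS-0412.corp.example' -> 'ws-0412'."""
    return name.strip().lower().split(".")[0]


def load(export: str, host_col: str, mac_col: str, source: str) -> dict:
    """Parse one CSV export into {mac: {'host': ..., 'sources': {source}}}."""
    assets = {}
    for row in csv.DictReader(io.StringIO(export)):
        mac = normalise_mac(row[mac_col])
        assets[mac] = {"host": normalise_host(row[host_col]), "sources": {source}}
    return assets


def merge(*inventories: dict) -> dict:
    """Merge per-tool inventories on MAC, recording every tool that saw each asset."""
    merged = defaultdict(lambda: {"host": None, "sources": set()})
    for inv in inventories:
        for mac, rec in inv.items():
            merged[mac]["host"] = merged[mac]["host"] or rec["host"]
            merged[mac]["sources"] |= rec["sources"]
    return dict(merged)


def coverage_gaps(merged: dict, required: set) -> dict:
    """Return {host: set of required tools that have never seen this asset}."""
    gaps = {}
    for rec in merged.values():
        missing = required - rec["sources"]
        if missing:
            gaps[rec["host"]] = missing
    return gaps


def build_report() -> dict:
    """Unique asset count plus the assets that EDR or the vulnerability scanner is missing."""
    merged = merge(
        load(EDR_EXPORT, "hostname", "mac", "edr"),
        load(VULN_SCAN_EXPORT, "host", "mac_address", "vuln_scan"),
        load(DHCP_EXPORT, "name", "mac", "dhcp"),
    )
    return {
        "total_unique_assets": len(merged),
        "gaps": coverage_gaps(merged, {"edr", "vuln_scan"}),
    }


if __name__ == "__main__":
    report = build_report()
    print(f"{report['total_unique_assets']} unique assets across all sources")
    for host, missing in sorted(report["gaps"].items()):
        print(f"  {host}: not covered by {', '.join(sorted(missing))}")
```

With the constructed data this reports five unique assets and three gaps: one workstation the scanner has never assessed, one the EDR agent is missing from, and an HMI on the production network that only DHCP knows about. Those are precisely the unmanaged, unpatched assets the point above warns about, and the DHCP-only one is the kind of OT device a segmentation review should also pick up.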
Focusing on the Human Element (Keep on training)
The attacks on M&S and the Co-op reportedly involved social engineering. Technology alone cannot prevent an employee from being tricked into giving away access.
- Comprehensive Security Awareness Training:
  - Phishing Simulations: Regularly conduct realistic phishing simulations to train employees to spot and report suspicious emails. When employees fail a simulation, take the time to explain where they went wrong and what they can do in future to prevent it happening again. This isn’t about pointing the finger; it’s about education.
  - Targeted Training: Provide specific training for roles that are high-risk targets, such as helpdesk staff (as seen in the M&S case), finance departments, and system administrators.
  - Ongoing Education: Security training should not be a one-off event. It needs to be a continuous programme that addresses the latest threats and tactics used by attackers.
- Cultivating a Security-First Culture: Leadership must champion cybersecurity from the top down. Encourage a culture where employees feel comfortable reporting potential security incidents without fear of blame.
Implementing Proactive and Strategic Processes (Plan for the worst)
These are the procedural and strategic measures that underpin the technology and people-focused controls.
- Incident Response (IR) and Business Continuity Planning (BCP):
  - Develop and Test an IR Plan: Have a clear, actionable plan for what to do when a breach occurs. This should include steps for containment, eradication, and recovery.
  - Conduct Tabletop Exercises: Regularly test the IR plan with key stakeholders through simulated cyberattack scenarios. This ensures everyone knows their role in a crisis.
  - Focus on OT Recovery: For manufacturing firms, the BCP must include detailed plans for safely shutting down and restarting production lines, as well as operating in a degraded, manual mode if necessary. The Co-op’s funeral parlours reverting to paper systems is a real-world example of this.
- Third-Party and Supply Chain Risk Management: Your security is only as strong as your weakest link.
  - Vendor Security Assessments: Conduct thorough security reviews of all third-party vendors and suppliers who have access to your network or data.
  - Contractual Obligations: Ensure that contracts with third parties include specific cybersecurity requirements and clauses regarding liability in the event of a breach originating from their systems.
- Threat Intelligence and Proactive Threat Hunting: Don’t wait to be attacked. Actively look for signs of compromise within your networks. Subscribe to threat intelligence feeds to stay informed about the latest attacker groups (like Scattered Spider), their tactics, techniques, and procedures (TTPs).
- Data Backup and Recovery: Maintain multiple, isolated backups of critical data and systems. Ensure at least one copy is offline and immutable (cannot be altered or deleted by attackers). Regularly test your ability to restore from these backups. This is the most effective defence against ransomware demands.
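The threat hunting point above says to actively look for signs of compromise rather than wait; combined with the MFA and PAM controls from the technical section, one concrete hunt is to sweep authentication logs for privileged-account logons that skipped MFA or bypassed the PAM jump host. The following is an added example, not code from the original article or from any vendor. The JSON-lines log events, the field names (user, src_host, mfa, logon_type), the privileged-account list and the jump host name are all constructed assumptions; in a real SIEM you would map your own schema onto them. It treats network logons differently from interactive ones, because service accounts legitimately authenticate with tickets rather than MFA, and it skips malformed lines rather than aborting the hunt.

```python
"""Hunt for privileged logons that bypass MFA or the PAM jump host.

Added example, not code from the original article. The event schema, account
names and host names below are constructed assumptions.
"""
import json
from dataclasses import dataclass

PRIVILEGED_ACCOUNTS = {"da-jsmith", "da-backup", "svc-sccm"}  # assumed admin tier
PAM_JUMP_HOSTS = {"pam-jump-01"}                               # assumed approved bastion
INTERACTIVE_TYPES = {"interactive", "remote_interactive"}

# Constructed sample events, one JSON object per line as a SIEM export might
# provide. The last two lines are deliberately malformed.
SAMPLE_LOG = """\
{"ts":"2025-10-01T08:02:11Z","user":"jsmith","src_host":"ws-0412","mfa":true,"logon_type":"interactive"}
{"ts":"2025-10-01T08:05:40Z","user":"da-jsmith","src_host":"pam-jump-01","mfa":true,"logon_type":"remote_interactive"}
{"ts":"2025-10-01T11:17:03Z","user":"da-jsmith","src_host":"ws-0412","mfa":false,"logon_type":"interactive"}
{"ts":"2025-10-01T23:48:19Z","user":"da-backup","src_host":"ws-0199","mfa":true,"logon_type":"remote_interactive"}
{"ts":"2025-10-02T02:13:55Z","user":"svc-sccm","src_host":"pam-jump-01","mfa":false,"logon_type":"network"}
{"ts":"2025-10-02T09:00:00Z","user":"truncated event"}
this line is not JSON at all
"""

REQUIRED_FIELDS = {"ts", "user", "src_host", "mfa", "logon_type"}


@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    src_host: str
    reasons: tuple


def parse_events(text: str) -> list:
    """Parse JSON-lines input; drop lines that are not well-formed events."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and REQUIRED_FIELDS.issubset(ev.keys()):
            events.append(ev)
    return events


def hunt(events: list) -> list:
    """Flag privileged interactive logons without MFA or from outside the jump host."""
    findings = []
    for ev in events:
        if ev["user"] not in PRIVILEGED_ACCOUNTS:
            continue
        interactive = ev["logon_type"] in INTERACTIVE_TYPES
        reasons = []
        # Network logons (Kerberos/NTLM service traffic) do not carry an MFA
        # step, so MFA is only demanded for interactive sessions.
        if interactive and not ev["mfa"]:
            reasons.append("no MFA on interactive logon")
        if interactive and ev["src_host"] not in PAM_JUMP_HOSTS:
            reasons.append("interactive logon outside PAM jump host")
        if reasons:
            findings.append(Finding(ev["ts"], ev["user"], ev["src_host"], tuple(reasons)))
    return findings


def run_hunt(text: str = SAMPLE_LOG) -> list:
    return hunt(parse_events(text))


if __name__ == "__main__":
    for f in run_hunt():
        print(f"{f.ts} {f.user}@{f.src_host}: {'; '.join(f.reasons)}")
```

Against the constructed log this produces two findings: a domain-admin account used interactively on a workstation without MFA, and another used over a remote session from a host that is not the PAM bastion. The network logon from the SCCM service account on the jump host is not flagged, and the two malformed lines are dropped silently. Each finding is a lead for the IR process described above, not a verdict on its own.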
By implementing a holistic strategy that combines these technical, human-focused, and procedural controls, organisations can significantly reduce their risk of suffering a damaging cyberattack and improve their resilience to recover quickly if one does occur.
For a customer looking to review their existing measures or strengthen their overall cybersecurity footprint, Darwin Technology Solutions transforms the daunting and complex vendor market into a clear, confident decision-making process. Our engagement begins not with a product, but with a deep, expert-led analysis of your current security posture, business objectives, and specific vulnerabilities to establish a clear understanding of your unique risk profile. From there, we run our truly independent assessment process, cutting through the industry’s sales jargon to evaluate the vast landscape of technologies and managed service providers. We scrutinise the technical capabilities, commercial value, and operational fit of each potential solution, ensuring the final recommendation is the absolute best fit to protect your organisation, align with your budget, and support your team.
