A few months ago, in episode 59 of the Cocktail Investing podcast, we discussed the looming cybersecurity threats lurking in the corporate supply chain. After that conversation, we figured it was only a matter of time until a high-profile supply chain attack occurred. It took only a matter of months for the vulnerabilities of several automotive companies and their suppliers to be exposed. How they address it means more spending associated with our Safety & Security investing theme.
Security researcher UpGuard Cyber Risk disclosed Friday that sensitive documents from more than 100 manufacturing companies, including GM, Fiat Chrysler, Ford, Tesla, Toyota, ThyssenKrupp, and VW, were exposed on a publicly accessible server belonging to Level One Robotics.
The exposure via Level One Robotics, which provides industrial automation services, came through rsync, a common file transfer protocol that’s used to back up large data sets, according to UpGuard Cyber Risk. The data breach was first reported by the New York Times.
According to the security researchers, restrictions weren’t placed on the rsync server. This means that any rsync client that connected to the rsync port had access to download this data. UpGuard Cyber Risk published its account of how it discovered the data breach to show how a company within a supply chain can affect large companies with seemingly tight security protocols.
This means that if someone knew where to look, they could access trade secrets closely protected by automakers.