On September 1st, England’s largest auto manufacturer Jaguar Land Rover (JLR) disclosed that it had been hit by a cyber attack. Soon after disclosure, the company was forced to halt production across several factories worldwide as the damage began to ripple into every part of its operations.
One of our trusted partners, Claroty, recently wrote an insightful piece analyzing this incident. Gerrit Neyrinck, Expert Security Engineer at Easi, recaps the main takeaways and shares his own perspective on what this means for Operational Technology (OT) Security.
Understanding the Incident
The attack is believed to have been carried out by a threat group that infiltrated JLR’s systems months before detection, using phishing emails and social engineering to gain access. Once inside, the attackers quietly moved laterally across both IT and OT environments, compromising critical systems and supplier connections.
The impact was significant: the attack halted production, delayed deliveries, and amounted to millions in operational losses. This event demonstrates how a single compromise in Operational Technology (OT) environments can disrupt the entire production chain.
1. Visibility Is the Foundation of OT Security
We often hear: "You can’t protect what you can’t see." In many industrial networks, visibility into all connected devices remains limited, from programmable logic controllers (PLCs) to IoT sensors. This blind spot allows attackers to move undetected for long periods.
A strong OT Security strategy starts with full asset discovery and continuous monitoring. Together with our partner Claroty, we help organizations gain complete visibility across their IT, OT, and IoT environments, allowing faster detection and response to threats.
2. Network Segmentation Limits the Blast Radius
Flat, unsegmented networks are a hacker’s dream. Once attackers gain access, they can move freely across systems. Implementing network segmentation divides your infrastructure into isolated zones, ensuring that a breach in one area doesn’t spread throughout the production environment.
For manufacturers, this means separating production lines, administrative systems, and external vendor access. Proper segmentation drastically reduces the scope and cost of any incident.
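As an added illustration (not code from Easi or Claroty), the sketch below audits observed network flows against a zone model built on the three areas named above: production, administrative systems and vendor access. The subnets, the approved conduits, the ports and the sample flows are all constructed assumptions; traffic from an address that maps to no zone is reported as well, since it points to an asset missing from the inventory.

```python
import ipaddress

# Constructed zone map (assumption): the three areas the article says to separate.
ZONES = {
    "production": ipaddress.ip_network("10.10.0.0/16"),
    "admin": ipaddress.ip_network("10.20.0.0/16"),
    "vendor": ipaddress.ip_network("10.30.0.0/24"),
}

# Constructed allow-list of conduits: (source zone, destination zone, destination port).
ALLOWED_CONDUITS = {
    ("admin", "production", 443),  # e.g. an approved data pull from the plant
    ("vendor", "admin", 443),      # vendors reach a portal, never the plant directly
}

def zone_of(addr):
    """Return the name of the zone containing addr, or 'unknown' if none does."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit_flows(flows):
    """Return (src, dst, port, reason) for every flow that breaks the zone model."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if "unknown" in (src_zone, dst_zone):
            findings.append((src, dst, port, "unmapped asset"))
        elif src_zone != dst_zone and (src_zone, dst_zone, port) not in ALLOWED_CONDUITS:
            findings.append((src, dst, port, f"{src_zone}->{dst_zone} is not an approved conduit"))
    return findings

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.10.4.20", 443),     # admin -> production on the approved port
    ("10.10.4.20", "10.10.4.21", 502),    # stays inside the production zone
    ("10.30.0.7", "10.10.4.20", 3389),    # vendor straight into production
    ("10.20.1.5", "10.10.4.20", 445),     # right zones, port not approved
    ("192.168.77.9", "10.10.4.20", 502),  # source is in no known zone
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```
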
3. Adopt a Zero Trust Mindset
A dogma among cyber security experts, and cases like the JLR cyber attack show its merit, is to always assume a breach: "Trust no one. Verify everything." In today’s connected world, Zero Trust architecture has become essential. It’s no longer enough to trust devices or users because they’re “inside the network.” Every identity, device, and connection should be verified continuously.
Applying multi-factor authentication (MFA), least privilege access, and strong authentication controls can prevent unauthorized lateral movement. For organizations with remote engineers or external suppliers, Zero Trust principles are critical to maintaining control and accountability.
4. Measure and Improve Your Cyber Resilience
When a cyber attack occurs, recovery speed matters as much as prevention. Mean-Time-to-Repair (MTTR), the time it takes to isolate, contain, and recover from an incident, is a key metric for measuring cyber resilience.
Simulating real incidents, documenting clear recovery procedures, and ensuring your IT and OT teams are aligned can significantly reduce downtime. Practicing your response plan is just as important as having one.
5. Secure Your Supply Chain
The JLR incident also impacted suppliers and third parties connected to its network. This highlights the growing importance of third-party risk management, especially in the context of the NIS2 Directive.
Under NIS2, organizations are explicitly required to assess and manage cybersecurity risks within their supply chain and service providers. That means verifying who connects to your network, under which conditions, and how their access is monitored.
Implementing temporary credentials, least-privilege principles, and continuous monitoring for vendors helps meet these NIS2 obligations while minimizing exposure. Because even if your internal security posture is strong, a weak supplier connection can still bring your operations to a halt.
Final Thoughts
The Jaguar Land Rover cyber attack is a powerful reminder that cybersecurity is no longer just an IT issue, but, all the more, a business continuity issue. For industrial organizations, protecting the production environment means protecting the company’s core.
At Easi, we help companies strengthen their cyber resilience by combining our expertise with the technology of trusted partners like Claroty. Together, we provide complete visibility, advanced threat detection, and proactive defense across IT, OT, and XIoT environments, ensuring your operations stay safe, secure, and uninterrupted.
About Claroty
Claroty secures the Extended Internet of Things (XIoT) to deliver unmatched visibility, protection, and threat detection across all cyber-physical systems, including OT, IoT, BMS, and IoMT. Their mission is to empower organizations to confidently manage and protect the systems that keep operations running safely, continuously, and efficiently.
