Tuesday, March 1, 2022

Toyota halted production at all 14 of its Japanese factories due to a cyberattack against Kojima Industries -- an auto parts supplier. Kojima, whose website remains down as of Tuesday, first identified the attack on Saturday & subsequently shut down its entire computer network to prevent the malware from spreading. Toyota’s Japanese factories account for one-third of its annual production.

Lessons learned: you are only as secure as your least-secure vendor. Recommendations on managing supply chain risks:

  • Incorporate a higher probability of third-party attacks into threat models & vendor risk management policies.
  • Review third-party MSPs’, cloud providers’ & software vendors’ access levels -- minimize to the extent possible.
  • When existing partners don’t measure up, require them to make improvements.
  • Do not do business with third parties whose security practices are inadequate.
