BlackFog Q&A: What Can We Learn from the JLR Cyber Attack?

Dr Darren Williams, Founder and CEO of BlackFog
After the cyber attack on JLR, Dr Darren Williams, Founder & CEO of BlackFog, shares how stopping data theft prevents breaches & strengthens cyber defences

This month, Jaguar Land Rover (JLR) was hit by a major cyberattack that forced the shutdown of its IT systems, bringing production to a standstill across its UK plants and global operations.

The incident, impacting around 33,000 employees, has resulted in manufacturing downtime stretching through much of the month, with disruptions expected to continue until at least November.

Alongside halting output and interrupting parts supply, the breach also led to the exposure of sensitive company data.

Responsibility has been claimed by the Scattered Spider cybercrime group.

For the Tata-owned automotive giant, the shutdown is estimated to be costing as much as £5m (US$6.8m) in daily lost revenue.

Dr Darren Williams is the Founder and CEO of BlackFog.

BlackFog

Established in 2015, BlackFog specialises in preventing the exfiltration of digital assets and stopping ransomware-driven extortion and other malicious activity.

By targeting data security at its core, the company delivers a vital safeguard to reinforce traditional perimeter-focused defences.

Following his initial response to JLR’s cyber incident, Darren discusses with Technology Magazine and Cyber Magazine what lessons organisations must take from this attack and how they can strengthen protection against escalating cyber threats.

What makes data exfiltration such a powerful tactic for groups like Scattered Spider compared to traditional ransomware encryption methods?

Since all attacks involve some form of data exfiltration, it became very clear that we can effectively prevent an attack by stopping it. 

If there is no data breach, there is no extortion and nothing for a cybercriminal to leverage.

While encryption was often used in the early days, it became a constant game of cat and mouse, eventually becoming easy to defeat.

How can organisations like JLR strengthen defences specifically against the risk of data being stolen rather than just encrypted?

Encryption is used in very few attacks today, whereas data exfiltration is used in 95% of attacks (BlackFog Q2-2025 Ransomware Report). 

Interestingly, most organisations are so focused on watching the front door they neglect to watch what is leaving the building. 

Most organisations don’t even monitor data exfiltration at all, let alone protect against unauthorised data loss. 

Anti Data Exfiltration (ADX) technology focuses precisely on this problem and includes insider threat protection, user behaviour monitoring and AI-based attacks.

What are the potential long-term consequences for automakers and their customers when sensitive data is exfiltrated in attacks like this?

Extortion has very wide implications for companies, not only from the perspective of customers’ private information, but corporate trade secrets and reputation. 

The implications are far-reaching and can often take years to recover from, especially when you consider not only the direct costs of remediation, but also the regulatory and legal problems that often follow from the government and class action lawsuits.

In fact, a recent report from IBM suggests that only 30% of the costs come from the attack itself.

Given Scattered Spider’s past methods, what indicators should enterprises watch for to detect a breach before large-scale exfiltration takes place?

Monitoring user behaviour using AI-based activity monitoring is an important part of the detection regime embedded in these new ADX-based tools.

Watching what processes are running, how they are being used and what they are sending provides important clues about an attack.

It is also important to monitor network traffic over time using new AI-based detection logic to ensure that there is no latent activity within the network.

How do you see ADX evolving as part of enterprise cybersecurity strategies in critical industries such as automotive manufacturing?

Enterprise cybersecurity is a multi-layered approach by design and needs to consider multiple security approaches. It wasn’t long ago that most organisations considered a firewall more than sufficient. 

Perimeter-based approaches using firewalls and EDR tools are no longer sufficient to combat modern AI-based threats that can adapt to these static approaches. In fact, many attackers are now training against these commercial solutions and disabling them as soon as they breach the device. 

We see ADX as an important new strategy to disrupt attackers’ kill chain on many different levels and ultimately prevent extortion and data breaches in real time. 

This also has the benefit of ensuring data compliance by reducing the likelihood of sensitive data leaving the organisation. 

If we have learned anything, it is that threats are constantly evolving and advances in AI have only accelerated the effectiveness of attacks – therefore, so must your defences.