Lion has suffered a cyber attack which forced it to shut down its IT systems, causing disruption to suppliers and customers.
Lion explained it was working hard to “minimise disruption to customers and suppliers” although it is not yet clear what form that disruption will take.
It said that it is working with expert advisors to fix the issue, and has alerted the authorities.
“We will provide further updates when we can, and we thank our customers and suppliers for their patience,” Lion said in a statement.
Its breweries have been affected with reports that production has shut down across a number of brands.
Industry professionals, including Professor Greg Austin at UNSW (Canberra) who is deputy director of UNSW Canberra Cyber, have suggested that it is highly likely that the attack is related to the acquisition of Lion Drinks & Dairy by a Chinese corporation, and that the extent to which Lion has responded indicates it was an extensive attack.
“Whether it’s a ransomware attack, we don’t know. But for the company to shut down its IT operations – it’s a pretty unusual response,” Professor Austin told Brews News.
“However if the attackers are into their system and they’ve got access, they’ve locked you out and then the only recourse is to throw away those systems and go to backup files.”
In preventing attacks, Professor Austin explained that it was a multi-front activity, and that while it may cost Lion a considerable amount to recover, it will have other concerns regarding the breach.
“You have to build in some risk factors into your business model,” he explained.
“I suspect for Lion the repair bill won’t be too much for it to resolve, but there are reputational risks, and information which Lion wouldn’t want out there – even IP such as beer and drink recipes for example.”
According to the Australian Bureau of Statistics, in 2017-18, 11 per cent of businesses reported internet security incidents or breaches. It found that of those, manufacturing and wholesale trade industries reported the most internet security incidents or breaches, with 18 per cent affected.
Professor Austin said that due to the nature of a company’s business operations, they may feel that they are unlikely to be targeted.
“Companies which are not banks or big finance corporations, or don’t appear to have state secrets to hide like military arms manufacturers, are perhaps a bit less inclined to pursue cyber security to the extent that they need to,” he said.
“I’ve no idea about the degree to which Lion set up their cyber security, but on average most big corporations don’t invest adequately in cyber security. Attacks like this are normally a wakeup call to corporations.”
However he said that spending more doesn’t mean companies are invulnerable to attacks.
“What we see is that corporations are subject to repeated attacks, spend more on cyber security and then have another one and spend more. But companies are in a predicament because spending more doesn’t necessarily improve it or prevent the attacks.
“It’s a dilemma about what to invest in. The second point to make, is that whether you are subject to an attack has more to do with bad luck, rather than what you’re investing in.”
Professor Austin said that it was for most companies a lottery as to when and how they are attacked.
However due to the timing of the Lion attack, it is very likely connected to the upcoming acquisition of Lion Dairy & Drinks business, he said. The deal with China Mengniu Dairy Company Ltd, which does not including Lion’s beer and brewing operations, was approved by the ACCC in February.
“In a situation where this corporation is in the middle of a takeover by a Chinese corporation, it’s not surprising they have been subject to cyber intrusion,” Professor Austin explained.
He said it was highly likely that the attack came from a party interested in the deal, potentially even from a Chinese-backed organisation.
“The Chinese government will have its own interests in understanding the financial viability of the target corporation, and understanding the relationships and people involved.
“A non-Chinese agency might want to know what really is going on: who is involved in the deal; if it is all above board; what are the motivations of some of the players.”
If the attack on Lion was a ransomware attack, then they will not be the first.
“The thing about ransomware attacks is that they’re very indiscriminate historically. In the UK the NHS was affected by global ransomware attack in 2017 and it’s those sort of attacks that are propagated randomly.
“However a targeted attack often comes through these email approaches, what we call a social engineering approach – someone in the company has been sent an email with malware, opens it and the malware infects the system.
“If that’s what happened in that case, those internal processes and training of staff are pretty important.
“But research in US that suggests that even most security-sensitive industries, 50 per cent of staff still fail to recognise phishing emails.”
Professor Austin explained that often industries which would not consider themselves a target do not protect as comprehensively as they could.
“People in this sector probably don’t feel they are in line for a big cyber attack but those threats are out there, same with the average user, and we can also suffer considerable damage from attack.”