Asahi cyberattack highlights risks to “operational technology”

Another type of cyber attack.

Operations for Japan-based beverage giant Asahi Group Holdings recently shut down after a cyberattack, causing a ripple effect that extended far beyond its breweries.

The incident forced Asahi, best known in the United States for its beer, to temporarily suspend shipments and some domestic operations as engineers worked to restore systems. The company has confirmed that, at this time, no customer data seems to have been compromised. However, the attack has affected the company’s information and operational technology networks. 

The interruption at Asahi highlights a growing concern for organizations: the rising vulnerability of “operational technology.”

Operational attacks can have severe consequences

Ransomware and data breaches are in the news constantly, and they are a serious concern. But less well known are attacks that affect operational environments. Unlike information systems, operational technology systems manage physical processes such as mixing, packaging, and shipping a company’s products. When those systems fail, production stops immediately. 

In Asahi’s case, the threat group Qilin reportedly claimed responsibility, alleging that it stole approximately 27 gigabytes of internal data. That claim may or may not turn out to be true, but the attack demonstrates how quickly a breach can spread from networks to interconnected factory systems. 

Lessons from the Asahi breach

Asahi’s experience carries lessons for every industry that depends on connected physical systems, including energy, health care, and transportation.

  • Vulnerabilities across operations can intersect. Once a hacker breaches a corporate network, they may find that the operational systems are only a few steps away.
  • Access management is a weak point. Operational technology environments often rely on legacy authentication systems designed for convenience rather than security. Without strict identity verification and limited permissions, attackers can exploit those openings to gain control. 
  • Vendor risk is a concern. External technicians frequently maintain or update industrial software remotely. If not tightly secured and monitored, each remote connection can serve as a potential entry point.

Perhaps the most instructive aspect of Asahi’s response was its need to halt production entirely to contain the attack. That decision was appropriate under the circumstances, but it underscores how companies need strategies that can safely shut down and restart operational technology systems without compromising integrity.

In this sense, cybersecurity and business continuity are now inseparable. The most significant cost of an incident may not be the ransom payment or data loss, but the operational downtime and reputational damage that follow.

Moving toward resilience

Companies seeking to protect their operational technology systems can strengthen resilience through a few key actions. These practices not only reduce the likelihood of a successful attack but also improve recovery speed in the event of an incident.

  • Segregate IT and OT networks. Create clear boundaries between your IT networks, on the one hand, and your operational technology networks, on the other, using firewalls or gateways to contain attacks.
  • Adopt a zero-trust approach. Authenticate every user and device, whether inside or outside the network.
  • Enhance monitoring. Use tools that understand industrial protocols and can detect anomalies as they occur.
  • Control privileged access. Rotate credentials, apply just-in-time privileges, and log all administrative actions.
  • Prepare and test response plans. Include operational technology scenarios in tabletop training exercises, and ensure cross-team coordination.
  • Assess vendor security. Require cybersecurity commitments in vendor contracts, and verify compliance regularly.
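One way to check the segregation and monitoring practices above against recorded network flows, added here as an example and not taken from the original article. The zone address ranges, the allowed-path policy, and the sample flows are constructed assumptions; the port numbers are the standard TCP ports for the named industrial protocols.

```python
import ipaddress

# Constructed zone map (assumption): substitute your own address plan.
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),  # industrial DMZ / jump hosts
    "OT":  ipaddress.ip_network("10.30.0.0/16"),
}
# Zone pairs allowed to talk directly; IT reaches OT only through the DMZ.
ALLOWED = {("IT", "DMZ"), ("DMZ", "IT"), ("DMZ", "OT"), ("OT", "DMZ")}
# Standard TCP ports of common industrial protocols.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 4840: "OPC UA",
             20000: "DNP3", 44818: "EtherNet/IP"}

def zone_of(ip):
    """Map an address to its zone; anything unlisted is EXTERNAL."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "EXTERNAL"

def audit_flows(flows):
    """Return one finding per flow that crosses zones outside ALLOWED."""
    findings = []
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz or (sz, dz) in ALLOWED:
            continue  # same zone, or a path the policy permits
        proto = ICS_PORTS.get(dport)
        # An industrial protocol reaching OT from outside the DMZ is the worst case.
        severity = "high" if dz == "OT" and proto else "medium"
        findings.append({"src": src, "dst": dst, "path": f"{sz}->{dz}",
                         "port": dport, "protocol": proto or "other",
                         "severity": severity})
    return findings

# Constructed sample flows: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.20.0.5", 3389),     # IT workstation to jump host: allowed
    ("10.20.0.5", "10.30.1.10", 502),      # jump host to PLC: allowed
    ("10.10.4.21", "10.30.1.10", 502),     # IT straight to PLC over Modbus
    ("203.0.113.7", "10.30.2.8", 3389),    # external remote session straight into OT
    ("10.30.1.10", "10.30.1.11", 44818),   # OT to OT: allowed
    ("10.30.1.10", "10.10.9.9", 445),      # OT host reaching an IT file share
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Run against firewall or NetFlow exports, a non-empty result means the IT/OT boundary is not being enforced the way the policy states.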

The Asahi breach shows that businesses must preserve their ability to function in addition to protecting their data. Companies that invest in resilient architectures and cross-functional response planning will be better positioned to weather the next attack, whatever form it takes.

The Constangy Cybersecurity & Data Privacy Team assists businesses of all sizes and industries in developing a comprehensive incident response plan and provides support with a breach. We are here to help! The Constangy Cyber Team is available 24/7. Contact us at breachresponse@constangy.com or by phone at 877-DTA-BRCH.

  • Lauren Godfrey
    Partner

    Lauren guides clients through data security incidents, leading initial assessments and coordinating forensic and remediation efforts to contain, investigate, and resolve issues. She helps clients develop privacy, incident ...

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 
