
What the Asahi Cyber-Attack Teaches Us About Managing Your Attack Surface

What Happened at Asahi


What we do know:


  • On September 29, 2025, Asahi Group Holdings (Japan’s largest brewer) suffered a cyber-attack that disrupted a large chunk of its domestic operations.


  • The attack knocked out order processing, shipment systems, and customer service operations. Asahi’s factories were not necessarily physically damaged, but many were unable to ship or accept new orders.


  • Asahi confirmed this was a ransomware attack, and they isolated affected systems.


  • Although operations in other countries remain unaffected so far, the disruption has had immediate knock-on effects: retailers (like convenience stores) are warning customers about shortages, product launches have been postponed, and Asahi is manually processing some orders to try to keep supply flowing.


  • As of the latest updates, Asahi says there is no confirmed data leak of customer or employee personal data, but the investigation is ongoing.


Key takeaway: the attack didn’t require physical sabotage of factories. It targeted the digital infrastructure around orders, shipping, and communication, and that was enough to bring much of the domestic business to a near standstill.



Why This Exposes Weaknesses in Attack Surfaces

The Asahi incident shows that a business’s attack surface isn’t just about production machines or the core product. These are some of the risk vectors:


  • Critical non-production systems: Order management, shipment systems, email / communications systems. If those go down, even if you can still make product, you can’t deliver or sell it.


  • Supply chain & logistics dependencies: If you can’t move product, or can’t accept or fulfill orders, the whole chain breaks, even upstream or downstream.


  • Customer-facing interactions: Delivery, customer service, sales, all depend on systems being up. Outages damage reputation and customer trust.


  • Manual workarounds are slow and error-prone: When systems are down, switching to manual processing helps a bit but is inefficient, costly, and risky.


What Businesses Should Do Now: Managing Your Attack Surface


Here are practical steps (especially for startups and scale-ups) to reduce exposure, improve resilience, and manage your digital footprint so that an incident doesn’t bring everything to a halt.


1. Inventory & Map Critical Systems

List all systems your business depends on: ordering, shipping, CRM, ERP, customer support, internal communications. Know which ones are critical, how they depend on others, and which are most likely to fail or be attacked.
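
One way to turn that inventory into something you can rank, as an added example that is not from the original post: the system names, dependencies and set of critical functions below are constructed for illustration. It walks the dependency map to show which critical business functions stop when any single system goes down.

```python
from collections import defaultdict

# Constructed sample inventory: system -> systems it depends on.
# Names are illustrative assumptions, not taken from Asahi's environment.
DEPENDS_ON = {
    "identity": [],
    "email": ["identity"],
    "erp": ["identity"],
    "order_mgmt": ["erp", "identity"],
    "shipping": ["order_mgmt", "erp"],
    "crm": ["identity"],
    "customer_support": ["crm", "email"],
    "production_line": [],
}

# Functions the business cannot sell or deliver without (you decide this set).
CRITICAL = {"order_mgmt", "shipping", "customer_support"}


def blast_radius(depends_on, failed):
    """Return every system that stops working, transitively, if `failed` goes down."""
    dependents = defaultdict(set)  # reverse edges: system -> systems relying on it
    for system, deps in depends_on.items():
        for dep in deps:
            dependents[dep].add(system)
    impacted, stack = set(), [failed]
    while stack:
        for nxt in dependents[stack.pop()]:
            if nxt not in impacted:  # also keeps cyclic maps from looping forever
                impacted.add(nxt)
                stack.append(nxt)
    return impacted


def rank_single_points_of_failure(depends_on, critical):
    """Rank systems by how many critical functions are lost when each one fails."""
    rows = []
    for system in depends_on:
        lost = (blast_radius(depends_on, system) | {system}) & critical
        rows.append((system, sorted(lost)))
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))


if __name__ == "__main__":
    for system, lost in rank_single_points_of_failure(DEPENDS_ON, CRITICAL):
        print(f"{system:18} loses {len(lost)} critical: {', '.join(lost) or '-'}")
```

In this constructed map the production line has no effect on any critical function, while the shared identity service takes out all three, which mirrors the point that selling and delivering can stop while factories remain intact.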


2. Prioritise Redundancy for Key Systems

  • Have backup or fallback systems for order/shipping pipelines or ways to process orders manually in emergencies.

  • Ensure that critical communication tools (email, ticketing, support channels) have redundant paths or failover options.


3. Segment & Limit Access

  • Use network segmentation: separate mission-critical systems from less critical ones so a breach in one area doesn’t cascade.

  • Apply least privilege access controls: only give people the access they need. Review permissions regularly.

  • Protect admin and operational systems more aggressively (MFA, hardware tokens, restricted access).


4. Keep Software & Systems Patched & Monitored

  • Regularly apply patches and updates, not just on endpoints but on servers, ordering/shipping systems, communication tools.

  • Monitor logs, look for unusual activity (failed login attempts, unexpected shutdowns or network traffic).


5. Plan for Business Continuity & Incident Response

  • Have a playbook for what you do when an essential system goes down: who is responsible, who communicates with customers, how to switch to manual order processing, and so on.

  • Run tabletop drills so teams know what to do.


6. Data Backups & Recovery Strategies

  • Make sure backups exist for critical data and systems, and test restores.

  • Use immutable or off-line backups where possible so that backups themselves are less likely to be affected by ransomware.


7. Regular Risk Audits & Third-Party Risk Management

  • Assess third parties (suppliers, vendors) who touch your order/shipment or communication systems. If they have weak security, they can be an entry point or amplifying factor.

  • Make periodic audits of your own tech stack to see what’s exposed (public endpoints, ports, open services).


Conclusion


What Asahi’s attack underlines is that “operations IT” is just as much part of cybersecurity as core product dev. If ordering, shipping, customer service or communication systems are vulnerable, you don’t need attackers to hit your manufacturing floor to suffer major losses.


Cyber resilience isn’t about hoping nothing breaks. It’s about knowing what could break, how to limit damage, and having backup plans baked in.


If this incident has you wondering about your business's weak spots, especially around order pipelines, shipping workflows or customer systems, get in touch. Steel FYI helps small teams map their attack surfaces, build continuity plans, and stay ahead of disruption.


 
 
 



© 2022-2025 Steel FYI. All rights reserved.
