It’s been over two weeks now since Norsk Hydro, one of the world’s largest producers of aluminium, was hit by a ransomware attack that hit 160 of its plants worldwide, forcing many of its sites to switch to manual operations.
All this, and the company’s new CEO had only started in the job one day before. What a baptism of fire.
I’ve been really impressed with Hydro’s response to the attack, exemplified by the YouTube video they have just released.
Hydro didn’t shy away from admitting it had been a victim of a targeted ransomware attack, it used daily webcasts and social media posts to keep business partners and the media informed about what was going on, it made clear that it was not going to pay the extortionists who had planted LockerGoga on its systems, they called in the police to investigate, and flew in experts from overseas to help them.
I’ve always considered that a security breach is only part of the story. A large chunk of the narrative, and how it ends up impacting your organisation and reputation, rests upon your response following an incident.
Norsk Hydro has demonstrated that by working hard and being smart, pulling in expertise, and - critically - being transparent in its communications with those outside the company it’s possible to avert disaster.
Sure, it helps enormously that Hydro was prepared - it had secure backups in place, and mechanisms for restoring impacted systems. It was also insured against such attacks.
And, unlike some other victims of cyber attacks in the past, the fact that it had already migrated its email systems to the cloud meant that even if its computers were down, workers were still able to communicate via smartphones and tablets.
I’m sure there’s still much work to be done before everything is returned to normal, but you cannot fail to be impressed by what they have achieved so far, and hope that it acts as an example for other unfortunate victims in the future.
To find out more about the Norsk Hydro attack, be sure to read this fascinating article by Kevin Beaumont.