ITCS Blog

Norsk Hydro: The ultimate example in handling a data breach

We regularly post about being prepared for a cyber attack in your business, but the sad fact is that sometimes they happen.
So, if you’re hit by a cyber attack, what do you do?

The Norsk Hydro Cyber Attack: March 18th 2019

Norsk Hydro, one of the world’s largest global producers of aluminium, suffered production outages after a cyber attack affected operations across Europe and the U.S. The attack hit 160 plants worldwide: many branches had no choice but to switch to manual operations, and several of the company’s metal extrusion plants, which make components for car manufacturers and other industries, were shut.
Not only this, but the company’s new CEO had only started one day before. Talk about the ultimate test.
It’s clearly a situation that no business wants to find itself in. But the way in which the company reacted was, we believe, extremely impressive and should serve as an example for all businesses. In fact, many industry professionals have agreed that, both operationally and from a PR perspective, the company’s reaction may well become the industry standard.
Here are some of the main takeaways for other businesses:

1) Honesty is the best Policy

One of the most commendable aspects of Hydro’s response to its data breach was its transparency: Hydro didn’t shy away from admitting it had been a victim of a targeted ransomware attack. The company utilised daily webcasts and social media posts to keep business partners and the media informed about what was going on. With its email systems down, the company used Facebook as its main channel for communication. It also used a redirect on its website, sending users to a temporary Azure-hosted area:

The temporary holding page that Norsk Hydro sent users to after the attack

This allowed them to control the narrative from the outset: the company has been completely transparent about the scale of the incident, constantly reassuring stakeholders and media about its efforts to tackle it.

The result? Well, most tellingly, the company’s share price has remained more or less constant throughout the attack’s aftermath. Despite such major upheaval, insurance company RMS believe that Hydro behaved exceptionally in terms of its communication of the breach:

“One of the critical factors in cyber breach response and recovery is executive action, including public communications, accountability, and responsibility,” RMS said.

2) Forewarned is definitely Forearmed:

It’s well known among businesses that cyber attacks are now a ‘when’ not ‘if’ scenario. Therefore, being prepared for incidents such as this should now be commonplace.

At a news conference, Hydro’s finance director Eivind Kallevik said that the company would not pay the extortionists:

“We have good back-up routines. Our main strategy is to reinstall data from the back-up systems.”

Any business would hate to find itself in the position of having to shut down operations for any longer than absolutely necessary following an attack. Hydro was the ideal example of a business that is prepared: it had secure backups in place, and mechanisms for restoring impacted systems. It was also insured against such attacks.

It would be prudent and good practice for a business of any size to build its cyber defences and segment its networks, to reduce the chances of an attack successfully permeating the organisation. Ensure that you have secure, working backups of your critical data so you can get back up and running as soon as possible if an incident does occur.

3) Upgrade to the Cloud:

Unlike some other victims of cyber attacks in the past, the fact that Hydro had already migrated its email systems to the cloud meant that even if its computers were down, workers were still able to communicate via smartphones and tablets.

Cloud hosting not only serves as a disaster recovery solution, but allows portability: everyone in your business can access data across multiple offices or different locations on the go.

4) A business is only as good as its people:

Hydro released a YouTube video on April 2, explaining the attack. In it, the company states how its employees were prepared to do whatever it took to get the company back up and running: ‘with a tremendous effort of our colleagues…the plant has managed to get production back up to 100% normal, despite operating in manual mode’. Staff spent hours building a manual drawing archive so that orders could be fulfilled. ‘Everyone wants to help,’ the video states, ‘we do not even have to ask people’.

Did you know that globally, human error is the second largest cause of data breaches? At Hydro, staff are experienced and prepared, so they were able to be proactive and run manually for a while.

Watch their video here – it really provides an insight into the dedication of the company’s staff:

Ensure your personnel are clued up and prepared for a security breach, and know exactly what to do in the event of a cyber attack.

Rounding up:

LockerGoga is a particularly nasty form of ransomware as it has the capability for destructive erasure (also known as “wiping”). The attack on Hydro could have caused severe damage to industrial control systems, had the ransomware gained network access. As the Insurance Journal said, “If it had become necessary to do an emergency shutdown of critical plant, this could have led to a very costly recovery operation”. This actually happened at a German steel mill in December 2014.

It is almost certain that there will still be a battle at the organisation before everything is returned to normal, but you cannot fail to be impressed by what the global company have achieved so far. They should serve as an example to us all in how to prepare for, and react to, a cyber security attack.
