Industry Reactions to Norsk Hydro Breach: Feedback Friday

Article by Eduard Kovacs – Security Week
22 March 2019

Norwegian aluminum giant Norsk Hydro has been hit by a serious ransomware attack that caused disruptions at some of its plants and forced the company to turn to manual processes to fulfill customer orders.

The attack appears to have involved file-encrypting ransomware known as LockerGoga. However, Norsk Hydro claims it has good backups in place that should help it restore compromised files without having to pay the ransom.

The incident initially had a small impact on the company’s shares, but they quickly recovered. The price of aluminum also increased following news of the incident, but it, too, started to recover.

While Norsk Hydro could not share too much technical information on the attack due to the ongoing law enforcement investigation, it has been applauded by many for the way it has handled the incident and for being transparent.

Industry professionals have commented on the incident, the way Norsk Hydro has responded to it, its implications, and what companies can do to protect their systems.

Malcolm Taylor, Director Cyber Advisory, ITC Secure:

“Supply chain risk through cyberattack has come to the fore recently. Not, I believe, because it’s become a greater issue or because of attacks like this which are highlighting it, but simply because there is a growing understanding of the inter-connected nature of modern commercial activity and just in time production, and crucially how empowered that is by technology. It may also be a factor, though I think sadly a smaller one, that as firms mature their cyber security, they have the wherewithal, in terms of understanding, time and budget, to begin to get to grips with the problem of their suppliers, which has made the issue gain prominence.

It’s surprising to see the amount of suppliers and third parties which corporates have; certainly for a mid-tier company this can easily be in the thousands. We’ve seen companies with over 20,000; that’s quite a challenge to manage, even with good technological solutions like ours. The basics of good information security apply, as they do for individual clients. Good risk management, appropriate and maintained security controls underpinned by great leadership and governance. Train your people. Do the basics – much ransomware can actually be caught and stopped by good anti-virus, for example. Add that to good patching and have regular backups just in case, and your risk has already dropped significantly. But, also think about suppliers. They bring and carry risk too.”