Transparency, Important Component of Norsk Hydro’s Successful Response to Ransomware Attack

One of the most high-profile ransomware attacks in 2019 was against Norsk Hydro, which is among the world’s leading aluminum production companies. WaterISAC commented on the Norsk Hydro incident on multiple occasions, including in the April 4 Security and Resilience Update where it added to the praise being given to the company by cybersecurity researchers given its stance of being open about what had happened and sharing information about the incident to help prevent others from being affected. In the latest analysis of the incident, an article from Microsoft acknowledges that it was indeed Norsk Hydro’s quick decision to be fully open about the breach that earned it accolades given that most organizations are extremely secretive after getting hacked. The article elaborates on how Norsk Hydro employed its policy of openness, noting that senior staff hosted daily webcasts and answered audience questions, executives held daily press conferences and welcomed journalists into operations control rooms, and even launched a new company website during the attack’s first week. Transparency is core to the Norsk Hydro culture, says Halvor Molland, senior vice president of media relations. By issuing frequent, candid communications about the events, the company also sought to expose the shadowy tactics of cyber criminals and maybe curb similar threats. “We wanted to help other industries learn from our experience,” Molland says. “This way, they can be better prepared for situations like this and not have to go through what we did.” Read the article at Microsoft.