3 Ways Norsk Hydro Kept its Reputation During LockerGoga Cyberattack

When a cyberattack on an industrial facility succeeds, the highest level of concern is for safety. Making sure that process or manufacturing systems don’t endanger lives, or the environment, is paramount. The next level of concern is business continuity, making sure that production is maintained or restarted so that customers can be served, and financial losses minimized.

In parallel to these operational challenges, executives need to work hard to protect the organization’s reputation. Nozomi Networks sales managers and system engineers cite “we don’t want to be in the news” as one of the key drivers of investment in industrial cyber security systems.

While data breaches that have been poorly handled by companies capture the headlines, it is refreshing to note a recent industrial cyberattack response that has been applauded by communication experts. The event in question is the LockerGoga ransomware attack on Norsk Hydro.

I asked Mihaela Grad, a vice president at corporate reputation management firm Standing Partnership, to identify what stood out about Norsk Hydro’s response, and what lessons can be learned from it. If you’re concerned about the potential damage a cyberattack could have on your organization’s standing, don’t miss her three key steps to protecting your reputation.

The LockerGoga ransomware caused Norsk Hydro to reduce aluminum extrusion output, a process that uses a machine like the one above. The attack cost the company approximately $52 million.

Three Key Steps to Protecting Your Reputation During a Cyberattack

As indicated above, cyberattacks disrupt operations, cause financial loss and can also ruin corporate reputations. They bring about heightened scrutiny of the executive team’s reactions and decision-making under pressure, threatening to shatter shareholder and customer trust in a matter of hours. 

• Did the company leadership do everything to minimize IT and OT vulnerabilities?
• What steps did they take to contain the damage?
• How are they handling the disruption to business and their customers’ businesses? 

The answers to these questions can outlast the immediate impact of a cyberattack. So, what should companies do to prepare and how should they respond if they are hit by a one?

Crisis preparedness includes several foundational elements: a crisis response plan, a cross-functional response team and draft materials for the scenarios most likely to happen. Considering the growing sophistication of malware targeting industrial companies, cyberattacks should be one of the top 5 most-likely-to-happen scenarios.

Norsk Hydro’s response provided a textbook example of how to act well after the recent LockerGaga ransomware attack. Crisis response is immediate in nature and, when handled well, addresses not only the here and now, but also focuses on restoring long-term trust and minimizing reputational damage.

Here are three key steps to incorporate in your crisis response strategy: 

Step 1: Be Transparent

Transparency fosters trust. When your stakeholders learn about all your efforts to prevent an attack and restore operations in the aftermath of an incident, they are more likely to give you the benefit of the doubt and continue doing business with you.

Norsk Hydro went above-and-beyond in its efforts to be transparent. Their executive team met with media and industry analysts every day for approximately a week after the attack to provide updates on their efforts to restore operations, and answer questions.

They posted daily updates on their website and social channels, and offered direct access to their media and investor relations representatives. No questions were off-limits, from the complexity of restoring operations to financial impact, and their collaboration with law enforcement officials.

Comments are closed.