3 Ways Norsk Hydro Kept its Reputation During LockerGoga Cyberattack

When a cyberattack on an industrial facility succeeds, the highest level of concern is for safety. Making sure that process or manufacturing systems don’t endanger lives, or the environment, is paramount. The next level of concern is business continuity, making sure that production is maintained or restarted so that customers can be served, and financial losses minimized.

In parallel to these operational challenges, executives need to work hard to protect the organization’s reputation. Nozomi Networks sales managers and system engineers cite “we don’t want to be in the news” as one of the key drivers of investment in industrial cyber security systems.

While data breaches that have been poorly handled by companies capture the headlines, it is refreshing to note a recent industrial cyberattack response that has been applauded by communication experts. The event in question is the LockerGoga ransomware attack on Norsk Hydro.

I asked Mihaela Grad, a vice president at corporate reputation management firm Standing Partnership, to identify what stood out about Norsk Hydro’s response, and what lessons can be learned from it. If you’re concerned about the potential damage a cyberattack could have on your organization’s standing, don’t miss her three key steps to protecting your reputation.

Three Key Steps to Protecting Your Reputation During a Cyberattack

As indicated above, cyberattacks disrupt operations, cause financial loss and can also ruin corporate reputations. They bring about heightened scrutiny of the executive team’s reactions and decision-making under pressure, threatening to shatter shareholder and customer trust in a matter of hours.

  • Did the company leadership do everything to minimize IT and OT vulnerabilities?
  • What steps did they take to contain the damage?
  • How are they handling the disruption to business and their customers’ businesses?

The answers to these questions can outlast the immediate impact of a cyberattack. So, what should companies do to prepare, and how should they respond if they are hit by one?

Crisis preparedness includes several foundational elements: a crisis response plan, a cross-functional response team and draft materials for the scenarios most likely to happen. Considering the growing sophistication of malware targeting industrial companies, cyberattacks should be one of the top 5 most-likely-to-happen scenarios.

Norsk Hydro’s response to the recent LockerGoga ransomware attack provided a textbook example of how to act well. Crisis response is immediate in nature and, when handled well, addresses not only the here and now, but also focuses on restoring long-term trust and minimizing reputational damage.

Here are three key steps to incorporate in your crisis response strategy:

Step 1: Be Transparent

Transparency fosters trust. When your stakeholders learn about all your efforts to prevent an attack and restore operations in the aftermath of an incident, they are more likely to give you the benefit of the doubt and continue doing business with you.

Norsk Hydro went above and beyond in its efforts to be transparent. Their executive team met with media and industry analysts every day for approximately a week after the attack to provide updates on their efforts to restore operations, and answer questions.

They posted daily updates on their website and social channels, and offered direct access to their media and investor relations representatives. No questions were off-limits, from the complexity of restoring operations to financial impact, and their collaboration with law enforcement officials.

Another way Norsk Hydro was transparent in its response was the release of videos that showed how the company was responding to the cyberattack.

Step 2: Engage with Stakeholders Through Normal Channels

Even during a crisis, it’s important to remember that your stakeholders are accustomed to hearing from your company in different ways. It is not enough to post information on your website. Your social channels need to be updated as well.

Press conferences or on-demand webcasts are a great way of informing stakeholders in various time zones. Legislative representatives, local officials and trade associations might expect direct outreach by phone.

Step 3: Communicate Frequently

A single update is not enough. As daunting as this sounds, it is critical to provide multiple timely updates on the impact of the cyberattack and on the steps taken to contain it. This demonstrates agility, integrity and transparency to your external and internal stakeholders.

You may want to consider devoting part of your website homepage to crisis management updates, storing them in chronological order to show progression. Continue to share developments until the consequences of the cyberattack have been fully addressed.

To assess and manage OT risk, and protect your corporate brand, preparedness is key. And, help is available. The experts at Standing Partnership deliver guidance on how to navigate cyber incidents with minimal damage to your reputation.

Paired with advanced technology that rapidly identifies malware and provides time-saving forensic assistance, your organization should be well equipped to weather the storm of a major cyberattack.