No aluminium for you!
Norsk Hydro, one of the biggest producers of aluminium in the world, was hit by a major ransomware attack this week. Had it been limited to the United States where it began, we might not be writing about it now. But, of course, it wasn’t; instead, the malware spread to other parts of the company, which has operations in 40 different countries, eventually taking down the entire global company network. If internal security wasn’t already part of Norsk Hydro’s cyber security plans, we’d guess it will be in future.
In an increasingly interconnected world, this is something all businesses should be aware of. Every part of your organisation could be a potential threat to every other part, even if they’re not in the same physical location.
The reason for this is, of course, is the internet. Remote access and VPNs enable workers to access shared resources and to easily communicate with each other, and the benefits of this are myriad.
However, business owners and IT managers need to take this interconnectedness into account when choosing or implementing their cyber security solutions. Rather than simply viewing each department, branch, factory or plant as a separate entity, it’s necessary to also look at the corporate network as a whole. This should also extend to remote workers, freelancers and mobile devices.
There are still scant details about what happened at Norsk Hydro, so it’s impossible to say at this stage whether the company’s internal security was up to scratch or not. Nonetheless, the company’s troubles can serve as a helpful reminder to the rest of us: make sure VPNs are properly secured, that all users are accounted for and that you have a robust device management solution in place.
If there’s a happy ending to this tale, it’s that, according to the CFO, Norsk Hydro’s “main strategy is to use backup.” That suggests the firm has a reliable backup and disaster recovery solution, one that is frequently tested to ensure it’s working – at least, that’s what we hope…