The Rise of Cyber Crime
In the 1st instalment of the series, we will be focussing on the cyber-attack that happened to Norsk Hydro- a Norwegian aluminium and renewable energy company, headquartered in Oslo.
In March 2019 a devastating ransomware attack was inflicted on Norsk, one of the largest aluminium producers in the world. The potential financial loss is estimated at $52 million (Automotive News)
What does this mean for the industry and what can be done to limit such a largescale attack?
Matt Feeney, Cyber Team leader at Hamlyn Williams acknowledges that cyber-attacks are becoming much more sophisticated and calculating, posing a serious threat in the future.
“It’s large-scale attacks such as the one inflicted on Norsk, that the need for OT and ICS Engineers is urgently required”- Matt explains
“Hackers will often commit a crime for money, attacks will become more and more frequent especially if companies don’t act now. Companies need to invest in hiring qualified and experienced cybersecurity engineers to avoid potential issues down the line” he adds
The ransomware is different from the previous industrial cyberattacks such as WannaCry and Petya, explains Matt, criminals are targeting company networks and syncronising encryption across their geographical regions.
What is the financial impact?
In the financial report for the first quarter, Norsk equated the impact at $34.6m-$40.4m, meaning the impact in the first half of the year could reach $75m, $23m more than once thought. The largest impact is expected in the company’s Extruded Solutions Division, accounting for $17.3m of the estimated overall impact for the quarter.
This significant loss could have future implications on the business, if these attacks persist, it would certainly have a detrimental effect on investment, shares, and even jobs. Nonetheless, Norsk is expecting some compensation from its cyber insurance policy but they have not revealed how much, or when this will be paid.
The Norsk Hydro financial report coincides with an IBM Security report (Computer weekly) which highlights the cost of a data breach has risen by 12% over the past five years to £3.2m on average globally, with a 10.56% increase in the UK in the past year alone to £3m.
Consequently, the company saw a 32% fall in revenue to $101m for the second quarter compared with the same period a year ago. (Warwick Ashford, Computer weekly)
What do other leading security professionals have to say about the attack?
Piers Wilson, Head of Product Management at Huntsman Security, explains that the attack could potentially affect resource production in Norway, Qatar and Brazil. This means the attackers have been able to cause maximum disruption on a global scale, requiring very little effort in doing so.
“Large scale cyber-attacks have not been widely reported previously in Norway, additionally attacks on the manufacturing sector have been limited. This attack could certainly impact the onward supply chain.”
How can you minimise the impact of ransomware?
Security firm Trend Micro recommends that organisations follow best practices to minimise the impact of ransomware including:
· Creating regular backups files.
· Creating a security culture in the workplace.
· Keeping systems and applications updated.
· Implementing network segmentation and data categorisation to minimise further exposure of mission-critical and sensitive data.
· Disabling third-party or outdated components that could be used as entry points.
· Implementing defence in depth with additional layers of security.
· Securing email gateways to block threats distributed by spam and avoid opening suspicious emails.
What does this mean for someone that works in Cyber?
“You are a valuable asset in protecting and maintaining security systems for large industries and companies ” Matt explains.
“More and more job opportunities will become available as hackers will continue to try and launch these large scale attacks in the future. Me and the cyber team work with some of the leading cybersecurity firms in the world, Cisco and IBM have told us the demand for experienced ICS/OT professionals is increasing”
To fight back against cyber-attacks industries need to hire those with the necessary experience, and work with recruiters who have great market knowledge in sourcing and providing the very best OT/ICS talent.
The rise in Cybercrime is likely to continue in the future as the world gravitates to the innovation and development of technology. Industries and governments need to realise the time to act is now, by being proactive and having ICS/OT professionals will make it hard for cybercriminals and minimise the effects.
If you are looking for experienced cybersecurity professionals to help protect your company, or if you are an experienced cybersecurity candidate looking for a new career opportunity contact Matt via email on m.feeney@hamlynwilliams.com or call us on 0203675 2920 and ask to speak with a member of our Cyber Security Team.