When a cyberattack on an industrial facility succeeds, the highest level of concern is for safety. Making sure that process or manufacturing systems don’t endanger lives, or the environment, is paramount.

The next level of concern is business continuity, making sure production is maintained or restarted so customers can be served, and financial losses minimized. In parallel to these operational challenges, executives need to work hard to protect the organization’s reputation.

While data breaches that have been poorly handled by companies capture the headlines, it is refreshing to note an industrial cyberattack response has been applauded by communication experts.

Reverse Engineering GreyEnergy Malware
SOC Central: Combining IT, OT
Managing Risk and Protecting Reputation
Russian Cyberattacks on Critical Infrastructure

The event in question is the LockerGoga ransomware attack on Norsk Hydro.

Schneider Bold

Mihaela Grad, a vice president at corporate reputation management firm Standing Partnership, was asked to identify what stood out about Norsk Hydro’s response, and what lessons can be learned from it. The following is what she had to say.

Key Steps to Protect a Reputation
Cyberattacks disrupt operations, cause financial loss and can also ruin corporate reputations. They bring about heightened scrutiny of the executive team’s reactions and decision-making under pressure, threatening to shatter shareholder and customer trust in a matter of hours.

• Did the company leadership do everything to minimize IT and OT vulnerabilities?
• What steps did they take to contain the damage?
• How are they handling the disruption to business and their customers’ businesses?

The answers to these questions can outlast the immediate impact of a cyberattack. So, what should companies do to prepare and how should they respond if they are hit?

Crisis preparedness includes several foundational elements: A crisis response plan, a cross-functional response team and draft materials for the scenarios most likely to happen. Considering the growing sophistication of malware targeting industrial companies, cyberattacks should be one of the top 5 most-likely-to-happen scenarios.

Norsk Hydro’s response provided a textbook example of how to act well after the LockerGaga ransomware attack. Crisis response is immediate in nature and, when handled well, addresses not only the here and now, but also focuses on restoring long-term trust and minimizing reputational damage.

Here are three key steps Grad said a company should incorporate in a crisis response strategy:

Step 1: Be Transparent
Transparency fosters trust. When your stakeholders learn about all your efforts to prevent an attack and restore operations in the aftermath of an incident, they are more likely to give you the benefit of the doubt and continue doing business with you.

Norsk Hydro went above-and-beyond in its efforts to be transparent. Their executive team met with media and industry analysts every day for approximately a week after the attack to provide updates on their efforts to restore operations, and answer questions.

They posted daily updates on their website and social channels, and offered direct access to their media and investor relations representatives. No questions were off-limits, from the complexity of restoring operations to financial impact, and their collaboration with law enforcement officials.

Step 2: Engage with Stakeholders Through Normal Channels
Even during a crisis, it’s important to remember your stakeholders are accustomed to hearing from your company in different ways. It is not enough to post information on your website. Your social channels need to be updated as well.

Press conferences or on-demand webcasts are a great way of informing stakeholders in various time zones. Legislative representatives, local officials and trade associations might expect direct outreach by phone.

Step 3: Communicate Frequently
A single update is not enough. As daunting as this sounds, it is critical to provide multiple timely updates on the impact of the cyberattack and on the steps taken to contain it. This demonstrates agility, integrity and transparency to your external and internal stakeholders.

You may want to consider devoting part of your website homepage to crisis management updates, storing them in chronological order to show progression. Continue to share developments until the consequences of the cyberattack have been fully addressed.
Heather MacKenzie is director of marketing communications at Nozomi Networks. Click here for the full column.

Pin It on Pinterest

Share This