How to maintain full treasury operations in the midst of a cyber-attack?
Follow Norsk Hydro’s gold standard response
The treasury team worked with its banking partners to institute cash management procedures that allowed the company to function during the attack without having to make the ransom payment.
In the immediate aftermath of the attack, all accounts were closed. The treasury team worked closely with its largest banking partner, J.P. Morgan, so that critical payments could be made in isolation from the attack, via a separate, clean air-gapped network. The team also coordinated with the bank to monitor the company’s cash movements, both to ensure that no fraudulent payments were made and to receive guidance and support from cyber experts within the bank.
They also established a playbook with procedures for settling margin calls and other larger value transactions, so that terms were not breached. Smaller transactions were then executed via manual payments, completed country by country, division by division and case by case, until all treasury systems could be brought safely back online.
Getting treasury fully back online was crucial for a company with two million commercial payments per year; communication and close cooperation with their internal teams and banking partners were central to achieving this.
As a result of this close collaboration, treasury was able to maintain business as usual (BAU) throughout.
The organisation also used this experience to test all of its systems and relationships – both internally and externally – and identified the need to implement host-to-host capabilities to help better prepare to execute mass payments in the face of future incidents.
This entire response, keeping treasury functioning under the most trying of circumstances, was accomplished by a small global cash management team of 10 professionals operating out of the company’s Oslo headquarters.
Hydro’s effective cyber-incident response plans allowed the company to quickly respond and recover despite coming under attack from new ransomware known as “LockerGoga.” Hydro’s sustained resilience throughout the attack demonstrated the success of steps taken, which minimised the effects of the incursion.
Their approach was also recognised with the 2020 Adam Smith Award for Best Cybersecurity Solution.
Andrew Fullarton, Head of EMEA Natural Resources at J.P. Morgan.
© 2020 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A.