“It took us almost five weeks to get back online,” said Pål Johnsen, a former ICT Manager at Saint-Gobain in Lillesand. The company was hit by the Not Petya attack of June 2017.

“The more digital you are, the more vulnerable you are. Be paranoid and trust no one!”

A conference on cyber security left attendees with a heightened sense of awareness, as cyber security experts revealed how easily people with bad intentions can disrupt and hurt your business. Attendees were also presented different measures for how to better protect themselves.

A handful of highly qualified speakers, from The Norwegian National Security Authority, NTT Security, Equinor, Noroff and others, provided insight into a variety of threats and how to set up a more hacker resistant ICT environment.

LILLESAND COMPANY HARD HIT IN 2017
Pål Johnsen, a former ICT Manager at Saint-Gobain in Lillesand, part of the global Saint-Gobain Group, shared an ICT Manager’s horror story, when he told the audience about the major Not Petya attack of June 2017.

“I was waiting for a rock concert to start when I first noticed that our mail system was down. Shortly after, I received a concerned message from a co-worker. Later, more concerned messages. I tried to get a hold of 15 people in the Nordic ICT department of Saint-Gobain’s, but no one answered. That was when I realized something serious had happened,” said Johnsen.

Saint-Gobain Group, present in 68 countries with more than 180,000 employees, was one of the major companies that were reported to be victims of the attack. Danish Maersk was another.

“Everything was down. No digital tools worked. It took us almost five weeks to get back online. The operation involved a number of ICT experts flown in from the US. Saint-Gobain lost an estimated 200 million Euros as a result of the attack. According to news reports, Maersk was even harder hit,” says Johnsen.

BASIC PRINCIPLES FOR ICT SECURITY
“The main ICT security risk is that people don’t realize that they don’t understand ICT,” says Ernst Unsgaard, Chief Information Security Officer at The Norwegian National Security Authority (NSM).

He recommended everyone to read the NSM’s Basic Principles for ICT Security (in Norwegian).

Equinor Advisor Jan Munkejord accounted for Equinor’s ICT rules and regulations that apply to suppliers.

“Failure to comply with our expectations will disqualify your company as a supplier to Equinor,” says Munkejord.

UNDERSTANDING THREATS
Five business clusters and partners in the Agder region organized the Cyber Security Conference at Fevik Strand Hotel in Grimstad Thursday: GCE NODE, Eyde Cluster, Maritime Forum South, Noroff University College and Norwegian Society of Electrical and Automatic Control (NFEA). Approximately 55 people from 25 companies attended.

“Our aim was to build an understanding for the threats and challenges related to cyber security for the business sector and what you can do to protect your business,” says Jan Helge Viste, Project Manager Digitalization at GCE NODE.

The conference also included sessions on white hat hackers and cyber insurance.

Ernst Unsgaard, Chief Information Security Officer at The Norwegian National Security Authority (NSM), recommended the agency’s Basic Principles for ICT Security.

 

Jan Munkejord talked about Equinor’s ICT expectations to suppliers.