An interview with Pål-Erik Winther on the Norsk Hydro case
06.05.2019 12:15 EEST (UTC +3)
In light of the ransomware attack targeting Norsk Hydro, with estimated costs to date of around NOK 500 million (€36-45 million), we decided to talk cybersecurity with one of our best experts, Pål-Erik Winther.
Striving to be a change agent for organizations, Pål-Erik brings 20+ years of IT and business experience, with expertise in Microsoft Azure, Data Center Architecture, Office 365, EM+S, Microsoft Information Protection, and overall IT Operations Leadership. In this interview, Pål-Erik shares his insights on the current state of cybersecurity, what may lead to data breaches, and how to avoid them with today's world-class Microsoft technology.
First of all, when a company like Norsk Hydro, which has highly skilled IT personnel and a good strategy for their IT security, can be impacted by attacks like the one we saw recently, we should all be concerned. We cannot say that as long as we take precautions, we will be safe. We can, however, say that taking precautions can reduce the attack surface and make us safer. I think we sometimes tend to think of our businesses as IT businesses, but they seldom are. Our businesses are human, and to err is human, as they say. Creating solutions that can help us not to make some of these mistakes might save us from some of these situations.
Without knowing in detail which solutions are in place at Norsk Hydro, this would be impossible to answer. On a general note, I would say that our strategies usually depend on what kind of solutions we have put in place. Do we have our systems and applications in the cloud or on-premises? Most likely both. The danger when answering a question like this is that it will always seem like just throwing out abbreviations to some people, at least the ones who do not know these exact features. Unfortunately, explaining to them the different solutions and systems will take more time and space than we have here. By implementing some of the solutions Microsoft offers, we can make Azure and Office 365 safer. Examples could be to secure their admin accounts by using Privileged Identity Management, and using Multi-Factor Authentication for all user accounts (especially for admins and logins from outside the office). Solutions like Microsoft Advanced Threat Analytics (for on-premises), Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection, Office 365 Advanced Threat Protection use machine learning, network logs, and events as well as past user and device behavior to detect suspicious activity and malicious attacks. If we are afraid of losing our sensitive data, we can use services like Azure Information Protection and Office 365 DLP.
This is not an easy question to answer. I would say that maximal cybersecurity may be achieved by deleting all our online identities and going offline. But seriously, for my part, I usually never look for extremely strict solutions to these problems and I don't think it consists of a couple of simple things. Segmenting networks, good firewalls, monitoring solutions and clever antivirus/antimalware etc. are all important, but having informed users who have good knowledge of the threat landscape helps significantly. When it comes to my field which is information protection, we try to implement solutions that can help us protect data and make us less likely to share sensitive data to someone by accident for instance. We often start our projects by working together with security departments to gain insight into how they work, what kind of sensitive data they use/have, how they store and share information etc.
Being a little paranoid helps too. Many of us never think about how our world changes when we work with equipment that connects us to the internet. Maybe we are naive, but I suppose we are used to people around us mostly being trustworthy and kind. And when the internet became a part of our lives, no one told us about all the sharks that were in the water. Although the internet has provided us with a lot of possibilities and made our lives easier in many ways, I think it is essential to always keep in mind that there are people out there who are not like our family and neighbors. They are not friends, not interested in our safety or happiness but are after our money, our data, our business secrets and more.
By the way, no one out there will ever want to give you a free iPad, or vacation or anything free at all. If you are offered something valuable from a stranger on the street, wouldn't you be suspicious? Why not on the internet? Also, everyone should be aware that none of the major IT companies will ever contact you out of the blue. Knowing all that and having that paranoia with us at all times might be the best security solution of them all.
Well, I would say that proper security can exist both on-premises and in the cloud, and also very much the opposite. In most cases, we are connected to the outside world as much on-premises as we are in the cloud, and no matter where our data resides, we need to implement solutions to protect our interests.
I believe that there is an existing security gap for many organizations. Many companies have highly skilled security workers and cutting-edge solutions, but many others do not have a good security strategy in place. Maybe because they believe it is too time-consuming or expensive to get started or they are busy with other things. I believe that many companies could do more when it comes to security and training, and in my experience, this is not unique for Norwegian companies. A good start is knowing what is important to you. For some companies, it might not mean much to lose all their data, but for many of us, it would be catastrophic.
If you are using Microsoft cloud solutions (like most of the companies I work with), there might be many possibilities you may not know of and you are already paying for the licenses. If you have Office 365 E3 or E5 for instance, then you also have information protection in Office 365, Office 365 Message Encryption and many other features. Having Enterprise Mobility + Security licenses provides world-class security protection. In addition, you can use Privileged Identity Management, Multi-Factor Authentication, Azure Identity protection, Azure Information Protection and much more.
I would say more intelligent security solutions — Machine Learning, Artificial Intelligence and so on. Unfortunately, as our security gets better, the external threats are also evolving. It will be interesting to see what the cybersecurity landscape will look like in a few years.
Principal Solution Architect, Innofactor Norway
You can also find Pål-Erik on Twitter under @pewinther.