Dagens Næringsliv on the Hurtigruten cyberattack

Dagens Næringsliv quoted me on the extensive cyberattack that hit Hurtigruten: Hurtigruten rammet av omfattende dataangrep (in Norwegian, subscription).

Hurtigruten was one of several large Norwegian organizations to be knocked over by ransomware, with systems taken offline and operations disrupted. The pattern by this point was familiar: capable groups getting in, moving through the network, and detonating ransomware across critical systems.

My consistent message on these incidents is that the outcome is decided long before the ransom note. Whether an attack becomes a footnote or a headline depends on the fundamentals you invested in ahead of time: tested and offline backups, segmentation so an intruder cannot reach everything at once, detection that catches lateral movement early, and a rehearsed response plan. Ransomware is not magic. It exploits the gaps organizations already knew about and had not gotten around to closing.