Skip to main content

Circular economy driver strengthens resiliency after successfully repelling a cyberattack

Rapid threat response provides path to a broader transformation

The Starting Point

The circular economy is growing, enabled by companies such as TOMRA. Founded in Norway in 1972, the organization has steadily grown worldwide asan industry leader that is helping to shape the future of the planet while continuing to innovate on the digital front –offering collection, sorting, and other sustainability-focused solutions to clients in industries such as mining and food production.

But as TOMRA’s global profile and digital capabilities have grown, so have the potential cyber risks. One recent summer, those risks came into sharp focus after the company endured a cyberattack. The event forced TOMRA to proactively shut down services and disconnect sites to contain the attack, while shifting to manual workarounds to seamlessly continue operations as the company determined its next steps.

More than responding to the attack, company leaders understood that they needed to go a step beyond. They needed to plan for the evolution of the business and the cyber landscape—and become a more resilient, cyber-ready organization.

Factors in focus

  • Growing digital business processes across the organization, including operations in 100+ countries
  • A cyberattack that forced the company to pursue manual workarounds
  • The need for long-term cyber readiness, response, and recovery capabilities

The Way forward

The threat actor had infiltrated TOMRA’s systems, installed a backdoor, and then moved across the company’s cloud and on-premises systems possibly preparing for a ransomware attack. TOMRA specialists swiftly identified the incident and contained the attacker—isolating affected systems, limiting the attack's impact, and protecting the company’s data. But what should happen next?

To ensure that the threat had been thoroughly eradicated, to reduce additional risks, and to position the company for long-term cyber success, TOMRA leaders enlisted the help of Deloitte. Leveraging Deloitte’s Cyber Incident Readiness, Response, and Recovery (CIR3) services, TOMRA was able to address a broad array of needs, helping the company become more resilient across its business.

Building on TOMRA’s initial response, Deloitte collaborated with the company to create joint teams that included Deloitte forensics and legal professionals, as well as technical architects and other specialists. An initial technical investigation team began work at six locations in five countries, focused on understanding how the attack had happened and taking steps to fully remediate it. Joint teams also established processes for engaging with TOMRA customers, vendors, and others— focused on providing timely timely, transparent and relevant communication, and bolstering trust among stakeholders.

At the same time, teams were working together to rebuild TOMRA’s landscape of IT and digital business processes to create a new minimum viable company that could securely continue operations for the company’s most important processes. Within 60 days, TOMRA and Deloitte created a new technology landscape for multiple critical business processes, restoring operations that included new cyber tools and controls for improving security and resilience.

To help TOMRA recover from the initial cyberattack—and develop a more comprehensive approach to cyber readiness—Deloitte brought in professionals across its global network to do the hands-on work as well as strategic planning.

The ongoing cyber transformation for TOMRA has helped put the company on a more solid foundation. In addition to reducing systems complexity and increasing security for cloud, TOMRA’s journey has given leaders greater visibility into the company’s digitally enabled processes, provided processes and tools to prevent and handle cyberattacks, increased cyber awareness, created a more resilient organization, and bolstered customer trust.

The journey will continue, improving cyber security posture and making TOMRA excel and be able handle future cyber threats.

The achievements

Let's talk cyber

What will your organization do when the next cyberattack happens? How will you rapidly respond to and recover from an incident—while building trust in your business?

Discover how Deloitte’s Cyber Incident Readiness, Response, and Recovery (CIR3) services can help your organization face the future with greater strength and resilience. Contact us to get the conversation started.

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey