Major Disruption to Global Operations Stopped

The Challenge 

DEFA needed to respond quickly when unauthorized network traffic was detected in its legacy environment.

With interconnected factories across multiple countries and limited visibility in older on-premises systems, the risk of lateral spread was high. The team faced a difficult choice: spend time investigating further, or act immediately and accept major disruption to global operations. 

“When I realised we didn’t have containment, I knew what to do — there was only one viable option: to pull the plug.”

Jan Hatlebrekke, Head of IT Operations at DEFA

The Solution 

Led internally by DEFA’s IT team, the company chose to isolate first and investigate second.

Internet access across the organisation was shut down to contain the threat, while internal systems were kept running where possible. At the same time, DEFA worked with external partners to trace the attacker’s movements, assess affected systems, and begin restoring operations in a more secure way.

Rather than simply rebuilding what had existed before, the company used the incident to accelerate cloud migration, retire outdated systems, and strengthen identity and access controls. 


Fortytwo’s Contribution 

Fortytwo’s expertise and hands-on support helped DEFA restore operations quickly while using the crisis to modernise and strengthen the digital environment. As a trusted IT and security partner, Fortytwo supported the response through:

Building secure workspaces so employees could get back to work quickly.
Reestablishing identity and access governance during recovery.
Helping define trusted environments for restoration. 
Supporting the phased return of systems once they were validated as clean.
Contributing to a faster move away from legacy infrastructure and toward a more secure cloud-based foundation.

The Outcome 

With the help of Fortytwo and its partners, DEFA contained the intrusion within 48 hours and resumed production in controlled phases within the week.

No critical data was lost, more than 40 percent of legacy systems were retired, and the remaining environment was secured.

The result was a leaner, more secure digital foundation with stronger controls, better visibility, and a faster path to cloud modernisation. 
