CEOs Adopt Communication Roles Post-Cyberattack Crisis Management
In the rapidly evolving digital landscape, the role of CEOs in incident response has become increasingly crucial. This was evident during the ransomware attack on Colonial Pipeline, a significant US fuel infrastructure company, on May 7, 2021.
Colonial Pipeline's CEO, Joe Blount, was quick to emphasize the importance of transparency and frequent communication during the crisis. This emphasis translated into a daily communication schedule with federal agencies, stakeholders, and the board, ensuring all parties were kept informed about the evolving situation.
Blount's role shifted significantly towards managing communications during the crisis. He was instrumental in prioritizing and delegating which mission-critical systems needed immediate restoration, and there was no questioning the pipeline shutdown in the first hour of the ransomware discovery.
The Department of Energy became Colonial's main point of contact during the attack. The company worked closely with authorities to ensure the recovery of their critical systems, although specific coordinated actions with authorities to restore systems are not detailed in the available search results.
Meanwhile, another company, Accellion, faced a similar crisis due to the exploitation of their File Transfer Appliance (FTA). Accellion's CEO, Jonathan Yaron, and other C-suite executives were available 24/7 to customers and government agencies globally, providing reassurance and guidance throughout the ordeal.
In response to the incident, Mandiant (formerly FireEye) made the decision to shut down its Accellion instance due to the exploitation. Mandiant's confidence in Accellion's technology was bolstered by transparency from Yaron and the C-suite, allowing them to turn the system back on after the issue was addressed.
CEOs like Blount and Yaron understand the need for real-time information in the wake of a massive cyberattack, even when there is little information to provide. After the incident, Blount's responsibilities shifted to cybersecurity, underscoring the importance of this area in modern business operations.
In the aftermath of such attacks, CEOs often prioritize identifying potential victims, providing a patch for the first zero day within 72 hours, and encouraging upgrades from legacy solutions. Accellion's CEO, Yaron, even advised potential clients to halt the use of the technology without board approval.
Both Colonial and Accellion sought assistance from external security firms for forensic analysis. The Cybersecurity and Infrastructure Security Agency (CISA) was involved in the ransomware attack response via the FBI.
In conclusion, the cases of Colonial Pipeline and Accellion highlight the critical role CEOs play in incident response after a major cyberattack. Their quick action, transparency, and commitment to keeping stakeholders informed are key to navigating these challenging situations.
