CEOs assume communication leadership roles post-cyber breaches
In a series of unprecedented cyber incidents, both Colonial Pipeline and Accellion found themselves in the crosshairs of ransomware attacks.
On May 7, 5,500 miles of Colonial Pipeline were shut down due to a ransomware attack. As the company scrambled to contain the situation, Colonial Pipeline CEO Joe Blount took charge of cybersecurity operations. Blount had an informal agreement to communicate daily with the board during the attack, and he considered his role to be primarily in communications.
During this critical time, Colonial Pipeline had to prioritize restoring mission-critical systems. While the primary focus was on containing the risk from the ransomware attack, not all questions from the various parties were deemed critical. The company also had to delegate the decision of which mission-critical systems needed to be restored.
The Department of Energy became Colonial Pipeline's main point of contact during the ransomware attack, with the Cybersecurity and Infrastructure Security Agency (CISA) being looped in via the FBI. In addition, Colonial Pipeline had to answer questions from multiple parties, including regulators.
In a separate incident, Accellion's File Transfer Appliance (FTA) solution was exploited. In response, Accellion's CEO Jonathan Yaron made himself available 24/7 to customers and government agencies during the incident. Mandiant (formerly FireEye) shut down its Accellion instance due to the exploit and communicated directly with Accellion's CEO and CSO. Transparency from Yaron gave Mandiant confidence in Accellion's technology, leading Mandiant to reactivate the instance.
Both Accellion and Colonial Pipeline enlisted outside security firms for forensics to provide unbiased second opinions. When a major cyberattack occurs, CEOs often become central figures in incident response. CEOs expect real-time information during such incidents, even when little information is available.
It was unclear at the time whether the ransomware had affected Colonial Pipeline's operational technology (OT) environments. Even so, the attack resulted in a significant shift of the CEO's focus from typical responsibilities to communications.
In conclusion, the ransomware attacks on Colonial Pipeline and Accellion serve as a stark reminder of the increasing threat of cyber attacks on critical infrastructure. Both companies responded quickly, enlisted external help, and maintained open lines of communication with their stakeholders. As the digital landscape continues to evolve, it is essential for companies to be prepared for such incidents and have robust incident response plans in place.