The 2:00 Minute Warning

Last Monday morning, when I was on the tradeshow floor at CSCMP’s Annual Edge Conference, news broke that Estes Express had been the victim of a cyberattack. Almost immediately, I heard from shippers asking two questions. First question: “Should we be concerned about Estes?” Second question: “What should we do?”  

My response to the first question was a resounding “No. Estes is a very good carrier and has been around for a lot of years.” The answer to the second question was to quote those words from a World War 2 poster that Winston Churchill made famous: “Keep Calm and Carry On! Let’s see how this plays out over the next couple of days.”

We then reached into our network and learned the following: This attack had occurred over the weekend and impacted their EDI capabilities, IT resources, and phone system. When their doors opened on Monday, the attack had resulted in a substantial reduction in freight being moved in the Estes network. By Tuesday, most of their critical IT infrastructure had been restored and Estes was moving more freight, but only after they had tested and were confident that their systems were OK. By Friday, Estes was fairly close to resuming normal operations.

After things calmed down, I spoke with my friend Rob Estes, the CEO and Chairman of Estes. Rob was gracious and confirmed what we had been told, but he then made some other observations. First, since Estes knows that no company is immune to the threat of a cyberattack, they had a written disaster recovery plan that had been tested and could be immediately put in place to guide them through the steps to handle a cyberattack. 

Second, the Estes team, led by Webb Estes, the COO and President of Estes Express, followed the plan and were able to bring their system back up in a timely and organized manner. As part of their disaster recovery plan, they had prioritized which types of freight to bring back online first.

Add it all up and they didn’t panic! They recognized the importance of communicating with their customers and also reaching out into the transportation marketplace. For example, last Friday they posted the following message to X (formerly Twitter):

“Earlier this week, Estes announced that it had experienced a cyberattack impacting the company’s IT infrastructure. We are pleased to report that many of our core systems are once again operations following the implementation of additional security measures. Our team has been working tirelessly 24/7 and will continue to work to bring our remaining systems back up securely and safely.

All of this, including our ability to continue serving our customers through this attack, is because of the resiliency, collaboration and ingenuity of our team. Despite the impact this has had on Estes’ system, there has not been a moment when we were unable to move freight or support our employees’ livelihood. We’re working tirelessly to fully restore the rest of our network and will share updates accordingly. Thank you to our customers, employees and partners for their trust, patience and cooperation through this ordeal.

We remain Estes Strong, open for business and effectively moving freight.” 

It is important to highlight some other lessons learned from this attack. Capacity in the LTL industry has tightened with Yellow’s closure in August. That’s why we want to say thank you to those carriers who helped when we asked them to pick up shipments that were normally tendered to Estes. It was reassuring to see these LTL carriers were there for customers when they needed them.

Another lesson learned was the need to have a written disaster recovery plan that has been tested. For shippers, while most companies have an IT disaster recovery plan, consider asking: Does your company also have a written Supply Chain Disruption Plan that addresses what to do when disruptions like the Estes cyberattack occurs, or when there is a problem with suppliers or other carriers?

If you’re looking for more information or have questions, we encourage you to give us a call at 630-833-0890, send us an email or schedule a meeting.

BY MIKE REGAN, CO-FOUNDER OF TRANZACT

CONNECT ON LINKEDIN

LET'S TALK! BOOK AN APPOINTMENT WITH ME