Estes execs recap hack experience in unusual video presentation

Webb Estes admits to tears; partnership with outside adviser strongly recommended

Estes Express executives discussed the cyberattack on their company in a recent video. (Photo: Jim Allen/FreightWaves)

Two of the key executives caught up in the maelstrom of the recent hack on Estes Express — including one whose name is on the headquarters — have released a remarkable video that talks about how the company dealt with the cyberattack that led to a shutdown of most of the LTL’s operations. 

The video features President Webb Estes and CIO Todd Florence. It was released password protected to the media, and a spokesman for Estes said it may eventually be released to the public but is not available now. 

There is no requirement for such a presentation; Estes Express is private and can do what it wants.

But Webb Estes said he and other company executives had chosen to be public “in an effort to make the industry stronger and to share with as much of the industry as we can, to help make us all stronger and better.”


“It really is us versus them as opposed to trying to play a corporate game of gotcha with one another,” he said. 

The video is short on specific recommendations on avoiding a cyberattack but covers a wide range of steps that a company should consider in dealing with one. 

Todd Florence (l) and Webb Estes in video presentation on company’s recent cyberattack. (Photo: Estes Express)

Crying while recording a video

Webb Estes in particular talked in an openness normally not heard from top executives of companies that have about 22,000 employees. Webb Estes, who released videos during the hack to keep the company’s customers and others up to date on progress, said several weeks earlier he had sat in the same room where the latest video was being recorded and as he got ready to record that first status video, “I cried through the first two takes, and that’s humbling.

“There’s just emotions there and I would say you kind of have to fight through those,” he said. “You have to recognize them, not hide from them. But you also have to recognize that I’m paid for a job and we’re going to find a way through this together.”


And while the discussion between Webb Estes and Florence did focus heavily on the issue of team management during a crisis, there were several points of discussion regarding what other companies should do to ready themselves for an attack that Florence said is most likely “not if, but when.”

One question submitted by the media that was not addressed was whether Estes paid ransom to help end the attack. 

Webb Estes said when a company is hit like Estes Express was, “you realize that customers have choices and options, and they don’t have to go with you.”

Estes Express is private, so it does not disclose its finances. Webb Estes also said it has no debt, so he “didn’t need to speak with bankers.”

Lack of a financial impact

But he indirectly shot down any suggestion that other LTL companies were able to grab significant market share as a result of the hack. “I am proud to say that at this point, we are back  hitting numbers that are up year over year,” he said. 

Florence said Estes Express had “noticed some outside actor activity on our network” on Oct. 1, a Sunday. By later that day, the word was spreading, boosted by an Estes Express tweet that didn’t use the word “cyber” but told the world that it was having technical problems. 

Operations returned in stages, often accompanied by a video from Webb Estes. His final pronouncement that all operations were back to normal was put on X Oct. 24

But the attack was not all-encompassing, Florence said, and many of the technical capabilities at Estes were shut down by the company’s own decision.


“If there was a big red button, this is kind of what we pushed,” Florence said. All network connectivity was turned off, “and we did that in an attempt to protect our employees, our customers, our partners and then to give us a playing field from which we understood what was going on.”

Estes Express did have an “incident response” plan that it had put together with Guide Point Security Services. “We probably had them engaged within 90 minutes of turning off all the network connectivity,” Florence said.

That relationship came in for significant praise by both Florence and Webb Estes. Companies should have “somebody they know on speed dial” when they get hit in such an attack. “We surveyed lots of different companies to pick one,” he said, adding that a cybersecurity partner needs to understand culture as well as technology.

Having a partner also helps a company get past some tough internal times. “Conversations can get heated pretty quickly when you’re trying to figure out what is the right path to go,” Florence said, noting that a partnership with an outside company, with an incident response plan in place, allows a company to avoid “spending a lot of time in the worrying and more about how do we move forward.”

Communication systems mostly weren’t affected by the hack and instead stopped working because of Estes Express’ decision to shut them down, Florence said.

And Webb Estes said the company needed to avoid the temptation to bring back too quickly those systems that weren’t hacked. “I almost felt like we could get up in 24 hours,” he said. “But part of that process is you’re also trying to make sure that when you do come back up, you come back up clean and secure.”

A message that came through numerous times during the discussion is that mistakes are going to be made in the recovery and the best way to deal with them is to accept that they are going to occur. Florence said there were plenty of instances of seeing some employees take steps that were inventive but then on further review, “we’d come back and say, ‘Don’t do that, please.’” But overall, “the teams found lots of ways to get things done.”

Go home! 

Dealing with burned-out employees is a key challenge, both Florence and Webb Estes said.

“I saw that our role wasn’t just to be making good decisions,” Webb Estes said. “It was counselor. It was, ‘Hey, you need to go home and get eight hours of sleep and then come back and give me a strong 16, but like get out of here now. Take your break.’”

Both Florence and Webb Estes recommended spending money to prepare and defend in advance. 

“I think what you’ll see coming out of this is continued investment in more security,” Florence said, adding that earlier investments in cloud technology were able to prevent the hack from being more extensive.

Webb Estes referred to a recent presentation he heard at a conference where a speaker discussed “building out a digital twin and giving customers visibility to do all their freight.”

Estes Express will “continue to lean into those things,” Webb Estes said. 

More articles by John Kingston

Reliance’s Albrecht sees capacity disappearing from market at rapid pace

3PLs get fresh legal win in fight to block liability in truck accidents

Haslam family sues Berkshire over valuing of final chunk of Pilot

Exit mobile version