Suncor Energy executives said the Canadian energy giant has recovered most of its normal operations since a June cyberattack. But the incident was serious, executives said, and Suncor learned significant lessons.
As previously reported, Suncor said the attackers breached the company on or around June 21, but disclosed the attack on June 25. Right after the attack, the company isolated its operational IT systems and backup databases, President and CEO Rich Kruger said during a fiscal second-quarter earnings call on Tuesday.
In the days following the incident, Suncor was able to establish a “safe, secure IT environment,” that was free from any corruption or outside incursion, Kruger said. The incident did not have a material impact on financial or operating results, but Kruger doesn’t want to have to go through such an attack in the future, he said.
“Well, first of all, I’d rather have a root canal than go through one of these attacks again,” Kruger said in response to an analyst’s question. “They’re not pleasant at all.”
Kruger, who became CEO in April, said the incident forced some of the top management to rush into action. Dave Oldreive, EVP of downstream, responsible for the company’s refining business, was just four days into his new position.
Like in any emergency situation, Kruger said the best way to respond to such an incident is to cover all bases, rather than take anything for granted.
“When in doubt, go the extra distance,” Kruger said. “It’s easy if you over respond and pull back.”
But not responding fast enough can lead to problems down the road, he said. Kruger did not provide any specific examples of how a slow response could impact things.
The attack also proved to be a crash course in IT. In the three to four days after the incident, Kruger learned more about hardware, software and other IT related issues than he ever imagined he would in his life, he told analysts.
Kruger said the company held a “comprehensive rundown” of the incident with its board earlier this month.
Suncor has restructured much of its operations, including upper management. The company announced the retirement of three senior-level executives and made significant changes to the reporting structure. CFO Kris Smith will not only be responsible for all financial functions, but IT and supply chain will report directly to Smith.
The company still has not discussed key details about the attack, including the total number of customers impacted, whether there was ransomware involved or how the threat actors breached the IT network.
Suncor has submitted a report to the Office of the Information and Privacy Commissioner for Alberta, according to a spokesperson for the agency. The agency said it had no other comment on the report since the matter was still under review.
According to a report by CBC, the company has been replacing desktop and laptop computers at Suncor, as employees were reportedly unable to log into accounts immediately after the attack.
The attack left the company’s more than 1,500 Petro-Canada retail locations unable to accept card payments and impacted some supplier payments as well. Officials later confirmed that Petro-Canada customer rewards data had been breached, however Suncor field operations were not impacted. Suncor is facing litigation from customers whose data was breached.
Canadian authorities previously warned that state-linked threat actors had been targeting the Canadian oil and gas sector in connection with the country’s support for Ukraine after the Russia invasion.