The food and beverage industry has never been more reliant on technology than it is now, for good reasons. Technology is growing exponentially, from adopting automation to improving mobile ordering and payment systems, including AI and machine learning in various industry processes, and adopting IoT technologies across various systems. This industry is undoubtedly enjoying the benefits, as there are marked increases in efficiency, customer satisfaction, and profit margins. Still, there have also been technological risks, namely cyber threats, attacks, and security breaches.
How dangerous have these cyber threats become? Are there any notable examples of cyber attacks that shed light on the industrial cybersecurity state of food and beverage businesses? What can companies in the food and beverage industry do to prevent and reduce the possibility of food and beverage cyber attacks?
But first, why is prioritizing food and beverage manufacturing cybersecurity important?
The Importance of Cybersecurity in the Food & Beverage Supply Chain
The food and beverage supply chain should take cybersecurity seriously for several reasons:
Supply chain integrity
Maintaining food and beverage supply chain integrity is essential. The supply chain affects how well products are distributed. It is also critical for stocking up industry companies. Hence, cybersecurity protection plays a crucial role in this process. Great OT security and proper IT cybersecurity measures can protect supply chain integrity and easily facilitate goods on all supply chain ends.
Data Protection
Food and beverage companies handle and store all sorts of private data, from customer to employee. The data helps improve records and smooth business transactions. Cyberattacks often target data, as a data breach can not only be profitable for hackers but also devastating for the industry. Hence, the food and beverage industry must ensure that cybersecurity is a priority.
Ensuring food safety
Attacks have targeted food and beverage production processes. These attacks often have a greater impact on operations, which in turn negatively impacts the health and wellness of consumers. The right cybersecurity systems indirectly protect consumers’ health and ensure food production remains safe and contamination-free.
Remaining profitable
Prioritizing cybersecurity has its initial cost. Long-term, it helps companies in the food and beverage industry stay profitable by protecting them from the effects of a ransomware attack or a cybersecurity breach.
Regulation compliance
Several nations and states have cybersecurity laws governing the food and beverage industries. Businesses in the industry, when aware of security regulations and adhering to them, safeguard themselves against cybersecurity threats and avoid fines or shutdowns due to legal violations.
Key Cyber Threats in the Food and Beverage industry
Big and small players in the food and beverage industry have to be wary of cyber threats because the company’s size is often not a prerequisite for being targeted or caught in scammers and hackers’ nets. Here are 6 key cyber threats companies in the food and beverage industry should be aware of:
Web skimming
“web skimming” describes cyberattacks in which hackers insert malicious computer code into websites and other third-party digital system suppliers to obtain credit card information. This form of hacking has evolved because industries have become more integrated, with many in the food and beverage industry seeking digital solutions for evolving challenges. On the bright side, many digital system suppliers do not store customer credit cards and personal data on their systems, but this does not stop hackers from web skimming their systems and websites for this data.
Third-Party data breaches
Third-party dealings are inevitable in every industry, but they can quickly become risk factors when dealing with cyber security threats, especially in the food and beverage sphere. A single drive exchange or collaboration link with third-party bodies, within or outside the industry, can expose food and beverage companies to malware attacks amidst other cybersecurity attacks. Besides industry cybersecurity, companies must be careful of external/third-party dealings. It remains a vast risk because third parties are far removed from a company’s control and can still expose the company to cyber threats and risks.
ICS/SCADA malware
Malware attacks on industrial control systems (ICS) and supervisory control and data acquisition systems (SCADA) are high-risk problems because these systems control and manage manufacturing facilities. The main goal of these malware attacks is to either taint the food supply or, even worse, to stop all manufacturing and other activities. Changing the amounts of components or adding new ones in recipes and bills of materials is one way to do this, which might result in a harmful product. The growing dependence on automated industrial control systems to handle, store, and manage massive quantities of products has intensified this vulnerability in the food and beverage sector.
Shadow assets attack
Shadow assets are a much larger percentage of cloud usage companies that are unknown to the public. Estimates show that many companies have shadow assets that are 10x the companies’ known cloud usage. These assets often have lesser security than known assets and have become easy targets for ransomware gangs. Because of the general uptick in the usage of cloud resources and their integration with more physical OT, there are now more entry points bad actors are willing to explore.
Ransomware awareness
Ransomware attacks are a serious threat to the food and beverage industry, and 70% of ransomware attacks target the manufacturing part of the industry. Food manufacturers have experienced significant process setbacks due to ransomware attacks, which have increased since the pandemic. Internal documents and client data numbering in the millions might fall victim to ransomware assaults. Usually, manufacturing stops when this happens, meaning less money comes in because of lost sales and efficiency. The overall effect is a broken and disjointed supply chain. Not only does the breach affect the company that was hacked into, but it also affects other related companies and processes. Operations hiccups and supply chain disruptions may result in food spoilage at every inventory level, needless food waste, and millions of dollars lost in revenue.
Shared IT/OT dependencies
Operational and Information technology might be similar, but there are marked differences, one of which is the proprietary systems that they work on. Recent developments have increased the integration of IT and OT, and with both technologies being integrated, there have been more gaps to exploit. Since OT deals with more physical and operational technologies, and IT deals more with systems and information, there has to be a cyber physical system (CPS) security approach to reduce the risks this dependency causes.
Top Food and Beverage Cyber Attacks
The rise in cyber attacks on food and beverage facilities and related services/products has been steady. Between 2018 and 2023, there were over 150 Ransomware attacks on the food and beverage industry worldwide. About 300 fast food restaurants, including outlets from famous brands like Yum and KFC, closed after ransomware attacks in England in January 2023.
Since it would be difficult to examine all of these attacks, we’ve chosen 5 major cyber-attacks on the industry that reflect the danger cyber threats pose to the food and beverage industry.
The JBS ransomware incident – May 2021
If not the most popular cyber attack on the food and beverage industry. JBS, a Brazilian meat company, one of the world’s largest meat producers, was the victim of a ransomware attack on the 30th of May 2021. The company was hit by the Russian hacker group REvil, and reportedly paid out eleven million dollars ransom to the group. According to experts, the meat producers had been slow to adopt modern cybersecurity measures. They had been suffering a steady rate of malware attacks over the year before the 30th of May.
Campari Group ransomware attack – November 2020
Campari Group, an Italian Beverage company with famous products like Epsolon, SKYY vodka, Campari, and Frangelico, amongst others, was hit by a Ransomware attack from Ragnar Locker and had 2 Terabytes of unencrypted files stolen. The Ragnar Locker Ransomware group demanded fifteen million dollars and threatened to release the information stolen to the public. This was one of the highest ransoms ever demanded due to a cyber-attack.
Among the reportedly stolen data were accounting records, bank statements, license certificates, customer and employee data, sensitive company information, and official correspondence. While it is unclear if the money was paid, many of Campari’s systems were damaged in the process and information was indeed stolen.
Bakker Logistiek – April 2021
One of the largest logistics services in Ireland was hit by a ransomware attack in April 2021, which led to a cheese shortage in stores across the country. Bakker Logistiek was targeted in the attack, and encrypted devices that controlled food transportation and order fulfilment were disrupted. The perpetrators were not found, and Bakker Logistiek had to get customer orders from earlier backups.
Harvest Food Distributors and Sherwood Food Distributors – May 2020
Harvest Food Distributors and its parent company, Sherwood Food Distributor, were hit by The REvil hacking group, and over 2300 of their files were leaked. Important files such as customer confidential data, sub-distributor information, cash flow analysis, insurance contracts and more were compromised. The hackers reached out to the management body. While Sherwood Food Distributors were initially interested in paying Four million five hundred thousand dollars for their information, they ended up paying Seven million five hundred thousand dollars.
How to Prevent Cyber Threats in the Food and Beverage Industry
Knowing the risks of cyber attacks and their increased frequency in the food and beverage industry, what precautions can businesses take to prevent cyber threats?
- Teach employees cybersecurity safety: Humans are usually the weakest link when it comes to cybersecurity safety. Employees can be trained to be aware of risks and practice safe password creation and sharing protocols. This reduces the risks of employee actions leading to cybersecurity breaches.
- Install and update anti-malware software: Installing trusted anti-malware software and regularly updating these software packages is a safety hack that can protect key facilities down the line.
- Manage third-party risks: It is difficult to determine what third-party partners might get involved with, but companies in the food and beverage industry should vet their third-party partners and assess the risk of their industrial cybersecurity practices. This can help to avoid third-party attacks that could disrupt the supply chain.
- Segment critical systems: Industrial Internet Of Things (IIoT) is very important, and one way to ensure the safety of industrial processes in the food and beverage industry is through segmenting various facilities. As much as interaction between the various facilities is important, separating key operational systems from other systems in the industry can reduce the risk of them being affected by cyber breaches.
- Conduct regular audits: Companies in the industry should conduct regular audits on various parts of their IT and OT systems to ensure that they are safe. Regular audits will help companies identify potential threats on time and respond to those threats efficiently.
- Have a ready response plan: Whenever cyber attacks happen, many companies in the industry are left at a loss, and this could extend the effect of the attacks. Having a response plan helps companies deploy necessary resources in the event of a breach or an attack, which mitigates the extent of the damage.
Conclusion:
Projections show that cyber threats, especially ransomware in food and beverage companies, are expected to increase. This means that for businesses to stay safe, they must improve all forms of cyber and physical security for their company assets. Seeing that manufacturing and supply chains are usually the most hit. There has to be an industry-wide approach to protect these parts of the industry, as their failings could have long-term negative impacts on the global food economy.
