While the faces of those involved in cyberattacks are rarely revealed, high-tech criminals are highlighting the growing importance of food industry cybersecurity. Earlier this week, Iowa-based farm services firm NEW Cooperative Inc. experienced a cybersecurity incident that forced its systems offline before the US farm belt harvest. Luckily, the threat was contained, but the outcome could have been detrimental to agriculture.
Unfortunately, this was not an isolated incident. And in many cases, the outcome is much worse. Take meat giant JBS, for example, which experienced a ransomware attack in the spring that cost the company $11 million in ransom. So, why do cyberattacks often target the food industry and how can organizations take a holistic approach to cybersecurity?
Why Do Hackers Target the Food Industry?
What does it benefit hackers to break into a food manufacturer’s system that controls food packaging or distribution? While there isn’t much to gain from an information perspective, there stands a great deal to gain financially, especially with the rise of cryptocurrency.
When engaging in cybersecurity or ransomware attacks, hackers intend to cause chaos and financial loss for America’s food system. The risk has only heightened as the food industry becomes increasingly interconnected through blockchain, artificial intelligence (AI) and other digital networks. And while attackers tend to go after large multinational corporations like Amazon or banking institutions, they are gradually targeting industries that are more prone to caving under attack, like the food sector.
Food industry cybersecurity isn’t as simple as installing new software and calling it a day. Hackers are high-tech criminals who are constantly searching for new tools for their trade. And as these cyberattacks occur more frequently, it is crucial to have the right systems in place to help prevent, mitigate and recover when a breach occurs.
Food Industry Cybersecurity Approaches
Today, for many food industry players with robust digital networks, cyberattacks have become more of a “when” than a “what if” scenario. According to the Federals Bureau of Investigation’s (FBI) 2020 Internet Crime Report, 791,790 cybercrime complaints were received in 2020, resulting in losses of more than $4.1 billion. Notably, that figure represents a 69 percent increase from the prior year.
With that in mind, food industry cybersecurity can be broken down into three levels: before, during and after a breach. Before an attack, it is critical to build an inventory of both information technology (IT) and operational technology (OT) assets to more readily characterize security risk within a specific environment. With proper inventory, lifecycle risk can be minimized and critical assets can be maintained.
Until recently, the ability to detect when a cyberattack was occurring was nearly impossible. However, new security technologies can provide continuous monitoring and detection for normal day-to-day operations. Any incident that deviates, such as an incorrect maintenance task, would signal an alert. That way, a manufacturer would know when to shut down in its system, as was the case for NEW Cooperative Inc.
After an event, organizations should become more firm about response methods. Proper response and recovery programs, such as backup and disaster recovery procedures for applications, can help ensure a speedy return to normal operations.
Despite the high cost of implementing a robust cybersecurity system, food industry players could save more time and money long-term. It may be worth the investment for peace of mind alone. No matter the reason, food industry cybersecurity does not only benefit manufacturers, but the entire food system, including retailers and consumers.