Food and drinks manufacturing companies are the giants of the global food industry, transforming agricultural raw materials into products for mass consumption around the world. In 2019 meat alone accounted for about 24 percent of all US food and beverage supplies.
That’s why last year’s cyberattack on JBS, one of the world’s largest meat processors, had such an impact. It supplies nearly a fifth of the meat consumed in the U.S., and many stores are experiencing shortages as the company works to recover. With such a small number of businesses making up the majority of the food supply chain, the closure of one plant has a direct impact on a much wider population.
In 2022 we will learn from cyber attacks like this that food security now depends on the cyber security of the food industry.
From farm to fork, food is digitizing, driven by a growing global population. From the use of smart devices to monitor and automate farming and livestock processes to the emergence of vertical farms, food processing and delivery will become increasingly dependent on technology.
This digital transformation makes food security vulnerable to hackers. Food manufacturing facilities often rely on computers to monitor storage temperatures, and many of these systems rely on outdated software and operating systems. If these were compromised, the entire supply of food in the warehouse would no longer be safe for consumption.
Increasing the risk is the convergence of IT and operational technology (OT) networks, which has been driven by the rapid digital transformation of many food companies during the pandemic. Security defenses must now protect not only data centers and on-premise systems, but also cloud computing networks and the edge.
There are several ways the food industry can protect itself. First, many must update their legacy systems to meet modern security standards. Outdated OTs are particularly vulnerable – designed without security in mind and often incompatible with much of today’s security software and tools. They can cause major disruptions and outages if compromised.
Second, the industry must assess vulnerabilities and remediate accordingly. Zero days, ransomware, advanced persistent threats, supply chain attacks, targeted phishing, and threats to OT and Internet of Things environments are the main concerns for most organizations, regardless of industry. Supply chain attacks – which account for the majority of those in the food industry – are virtually impossible to detect with legacy signature-based security. Malware can be packaged as legitimate and delivered to the heart of
company – remains undetected by rule-based approaches.