- JBS paid an $11 million ransom for a cyber attack last year, but it suspended operations at its nine beef processing plants across the U.S.
- A ransomware attack at Schreiber Foods caused a cream cheese shortage around the holidays.
- The pandemic has pushed food and beverage operating systems to be more connected than ever, increasing the risk of a security breach.
- Make sure you understand cybersecurity best practices.
- ProFood World February 2022 cover story: Put Your Cyber Defenses Up Before They Take You Down
- Malwarebytes 2021 State of Malware Report
|Read the transcript below:|
This week, I’d like to take some time to talk about cybersecurity. It’s an important topic that only continues to grow in importance for several different reasons. Here are just a few: Cyber attack approaches continue to get more sophisticated, malware attacks have become a tantalizingly lucrative business model, and food and beverage plants have become even more connected, particularly since the start of the pandemic.
Every year, ProFood World aims to have automation as the cover story of its February print issue, covering a wide range of topics within the automation and digitalization realm. It’s precisely because of that growing digitalization in this industry that, this year, we thought it was important to zero in on the issue of cybersecurity.
Before I joined the staff of ProFood World, I spent seven years at sister magazine Automation World, primarily covering automation in continuous process industries such as oil and gas, water/wastewater, and all kinds of power generation. These were industries where cybersecurity was considered paramount because they are critical industries—whose incapacitation would have a debilitating effect on national security or public health.
But if there’s any indication that the food and beverage sector is on par as a critical industry it’s the May 30 organized cybersecurity attack on JBS—which supplies about a quarter of the world’s beef and about 20% of its pork. Things don’t necessarily explode like they might at an oil refinery, but such attacks can cause considerable disruption to an essential need. Because of the ransomware attack, JBS suspended operations at its nine beef processing plants across the US, causing uncertainty in the supply chain.
In fact, in her reporting for our February cover story, writer Beth Stackpole found that cybersecurity was behind a supply chain issue that anyone who tried to make cheesecake around the Christmas holidays might have noticed. I think we’ve all become somewhat numb to the supply chain issues since the start of the pandemic. So it would’ve been easy for anyone trying to get cream cheese around that time to dismiss it as just the same old problems.
But it was actually a ransomware attack that knocked out core systems and operations for several days in October 2021 at Schreiber Foods. Not only did Schreiber have to pay $2.5 million in ransom, the large Wisconsin-based cheese producer was hit during peak production season—and it was a disruption that trickled down to smaller farmers, cooperatives, and the companies that buy ingredients from Schreiber.
What I’ve been talking about here are a couple pretty big, high-profile cases. But what I don’t want you to think—and what I think is an all-too-typical mindset—is that you are not big enough or important enough for a cyber attacker to go after.
First, let’s just talk about the sheer volume of attacks. Something that Beth noted in her article was the 607% surge in malware detections in the food and agriculture sector in 2020, according to the Malwarebytes State of Malware report. The fact is that you can get caught in a net whether you’re an intended target or not. You just need to take the bait.
As I noted, the pandemic has had an effect on all of this, particularly because of increased remote access capabilities. But even before then… Many in the food and beverage sector were hungry for Industry 4.0 applications for a variety of reasons, but often, their existing production environments aren’t ready to digest new technologies securely. Most industrial control systems and networks were designed decades before cybersecurity was a major concern. So they often lack the basic encryption, authentication, and authorization controls that are common in enterprise IT platforms.
There are a lot more details in Beth’s February cover story, so check out the link below and be sure to read up on that. But I would like to at least touch on the key points she makes for cybersecurity best practices.
- First, conduct a complete risk assessment to understand what’s on your networks and how it’s all interconnected.
- Perform regular preventive maintenance checks of your operational assets.
- Invest in cybersecurity awareness and training for all of your employees.
- And finally, address the information gap with new talent
All of this, I know, is easier said than done, but it’ll be worth it if you can keep your production from going down. Take some time to read Beth’s article. And then make sure you get the help you need to secure your operations