Food and beverage manufacturing plants are the giants of the global food industry, transforming raw agricultural materials into products for mass consumption around the globe. In 2019, meat alone accounted for around 24 per cent of all food and beverage shipments in the US.
That’s why last year’s cyber attack on JBS, one of the world’s largest meat processors, had such an impact. It supplies nearly one fifth of the meat consumed in the US and many shops experienced shortages as the company worked to recover. With such a small number of firms comprising most of the food supply chain, shutting one plant down has a direct impact on a much wider population.
In 2022, we will learn from cyber attacks like this that food security is now dependent on food-industry cyber security.
From farm to fork, food is becoming digitised, driven by a soaring global population. From using smart devices to monitor and automate cultivation and livestock processes, to the emergence of vertical farms, food processing and delivery will become increasingly reliant on technology.
This digital transformation makes food security vulnerable to hackers. Food-production facilities often rely on computers to monitor storage temperatures and many of these systems rely on outdated software and operating systems. If they were compromised, the entire food supply in a warehouse would no longer be safe for consumption.
Heightening the risk is the convergence of IT and operational technology (OT) networks that has been brought about by the rapid digital transformation of many food companies during the pandemic. Security defences now need to protect not only data centres and on-premises systems, but also cloud-computing networks and the edge.
There are several ways that the food industry can protect itself. First, many need to update their legacy systems to comply with modern security standards. Outdated OT is especially vulnerable – designed without security in mind and often incompatible with much of today’s software and security tools. These can cause major operational outages and complete shutdowns if compromised.
Second, the industry needs to assess vulnerabilities and patch accordingly. Zero days, ransomware, advanced persistent threats, supply-chain attacks, targeted phishing and threats to OT and Internet of Things environments are the main concerns for most organisations, regardless of the sector they are in. Attacks on the supply chain – which account for the majority of those in the food industry – are virtually impossible to detect with legacy, signature-based security. Malicious software can be packaged as legitimate and delivered into the heart of the company – going undetected by rules-based approaches.
Finally, the food industry itself will need to improve information-sharing across state lines and international borders to work together and prevent these attacks.
In 2022, cyber attacks on the food sector will only increase. If the industry does not fix its cyber problem, we will see food scarcity, higher prices and the potential sales of tainted food. Organisations will see that they need to keep pace with and respond to threats in real time, rather than reacting to breaches when it is already too late.