Cyber attacks on the food and beverage industry are increasing in number and virulence every single year.
But industry stakeholders continue to underestimate the threat and underprepare for an attack. Why?
Why is F&B ignoring cyber threat?
Cyber attacks are now a regular occurrence in the food and beverage industry. Yet time and again the industry has proven itself unwilling or unable to adequately prepare.
And if a visual representation of industry attitudes were needed, then the recent IFE London panel on cyber security, did the job. The auditorium was almost empty, with nearly as many people on the panel as in the audience.
“It’s scary,” said panel chair Richard Werran, global director of retail, consumer and food and BSI. “The fact there are not many people here tells you something about the importance this industry attributes to something as important as cyber security.”
The problem lies in the fact that most organisations simply don’t have a clear understanding of the severity of the risks.
“The opinion seems to be, ‘we could spend these millions on security and something bad might not happen, alternatively we could spend the same millions somewhere else in the organisation and something good is going to happen',” said David Mudd, global head of digital trust assurance at BSI.
On top of this, the industry is dealing with rising energy costs and spiralling commodity costs, meaning many organisations simply don’t have the financial reserves to put towards security, even if they wanted to.
Industry needs to prioritise cyber security
The threat of cyber attacks is growing, with companies being attacked in multiple ways, including ransomware, phishing scams, and data breaches. And the impact to those affected is considerable, with operational downtime, sizeable financial losses, danger to animal welfare, supply chain disruptions, and compromised food security, reported.
“The stakes are higher than ever before,” said BSI’s Werran.
In fact, the food and beverage sector’s continued inability to prioritise cyber security has made it a major target for hackers.
“Cyber attackers have moved on from trying to attack banks and car manufacturers, they’re attacking the food sector because it’s such a weak sector,” said Werran.
In the past two years alone, companies including Campbell Soup, Dole Foods, Heineken, and Krispy Kreme have all fallen victim to cyber attacks.
They’re attacking the food sector because it’s such a weak sector
Richard Werran, BSI
“The food and beverage industry faces cyber security threats on multiple fronts, making defence a constant challenge,” said Marcel Koks, senior director of industry and solution strategy at cloud software development company Infor. “Threat actors deploy sophisticated ransomware across various platforms, targeting personal computers, mobile devices, and even Internet of Things and Cyber Physical Systems environments.”
And organisations don’t only have their own risk to consider, their supply chains are also vulnerable and could impact operations.
“Nobody owns the whole of the risk, you are so dependent upon your suppliers,” explained Mudd. “If you have valuable data, the bad guys will come after you, picking your weakest link and that may be your supply chain.”
This has led to a growing demand for companies to prove they have the right protections in place.
“Commercial contracts are increasingly reliant upon cyber security credentials,” said BSI’s Werran. “Companies want to make sure their information is in good hands and are increasingly asking for details of security systems.”
How organisations can boost cyber security?
The primary focus for any company, in implementing or strengthening their cyber security should be, what does the company need in order to function.
Key questions organisations should ask when tackling cyber security:
- What critical services do we rely on to operate?
- What critical processes support our business?
In other words, what needs to be protected for an organisation to continue operations. Once this has been established, protective measures can be implemented.
But even when those protections have been implemented, human error remains a major issue.
“People are your biggest asset and your biggest risk,” said Matt Wilkinson, director of Reflare.
More than 50% of digital security breaches happen because a nefarious link in an email is clicked (Reflare).
“Make sure your people are both aware of the risks and actively looking to try to reduce them,” said Wilkinson. “Security needs to be at the heart of everything you do.”
