Cyber Security and Food Processing Plants - Protecting Our Sustenance Supply Chain

In an age where technology integrates seamlessly into the food production industry, cyber security has emerged as a critical concern for food processing plants. The convergence of operational technology (OT) and information technology (IT) has enhanced efficiency and innovation, but it has also opened the door to cyber threats that could jeopardize food safety, operational continuity, and supply chain integrity.?

This article delves into the unique cyber security challenges faced by food processing facilities, the potential consequences of breaches, and the proactive measures industry leaders are implementing to protect against digital threats.

Shielding the supply: Cybersecurity in food and agriculture

In excerpts from an article by Cybersecurity Guide, they wrote, “It’s hard to think of a more critical economic sector than food and agriculture. It is an industry that directly affects the lives of everyone worldwide.

Food & agriculture industry overview

Historically, the food and agriculture sector has not been a notable target for cybercriminals. Today, however, threat actors see the world’s dependence on a well-established food supply chain as an opportunity to use malware, such as ransomware, as leverage to achieve their nefarious aims.?

Food and agriculture companies now use a wide range of technologies to automate and optimize their operations, including production, processing, distribution, and retail, which create new vulnerabilities that can be exploited by cybercriminals.

A cyberattack on a food and agriculture company could disrupt food production and distribution, leading to food shortages and higher prices. It could also contaminate food products, putting consumers at risk of food poisoning.

Despite being increasingly aware of the cybersecurity threats it faces, the food and agriculture sector still has work to do to improve its cybersecurity posture.

The food and agriculture industry covers a broad spectrum of companies that provide a variety of products and services, and many of the companies that make up the nation’s food supply chain are interdependent.

A stoppage or slowdown during harvest season, for example, can reverberate throughout the entire industry as food processing plants and distribution networks feel the effects of events that may have happened weeks or months earlier.

Retail stores and restaurants need an easily accessible and reliable source for food products. Any disruption can result in price spikes or shortages that affect people’s lives.

As seen in the examples of cyberattacks below in this section, the world’s food supply chain is fragile and dominated by a relatively small number of large food companies.

Because cyber threat actors aim to shut down production, thereby threatening people’s lives, food production networks and food company business networks are at risk. Shutting down any massive food production or distribution business creates an intolerable condition that provides the cybercriminal with an insurmountable advantage.

Companies and authorities know that they must resolve the situation quickly to avoid societal turmoil. The need for the victim to act soon works to the criminal’s advantage.?

Notable industry attacks

JFC International:?

In March 2021, JFC International revealed that it had been hit by a ransomware attack that disrupted several of its IT systems. JFC is a major distributor and wholesaler of Asian food products and serves the European and US markets.

The company said the attacks impacted JFC International’s Europe Group. They were able to resume normal operations soon after notifying law enforcement, employees, and business partners about the incident.

Loaves & Fishes:?

Nonprofit food provider Loaves & Fishes offers nutritionally balanced groceries to individuals and families experiencing a short-term crisis through a network of mobile “drive-through” style food distribution sites. In August 2020, they announced that sensitive customer information was exfiltrated during the more widespread Blackbaud attack.

Blackbaud, a provider of software and cloud hosting solutions, stopped a ransomware attack from encrypting files but still paid a ransom demand to keep the hackers from publishing protected information about their clients – one of whom was Loaves & Fishes. Blackbaud said they have no evidence that the data was sold online, but the potential exists for that to happen at any time.?

Home Chef:?

Owned by Kroger Foods, Home Chef is a startup that provides food ingredients, meal kits, and recipes to its customers. Security researchers said in May 2020 that they found usernames and passwords belonging to Home Chef users for sale on the dark web.

Soon after, the Chicago-based company said a security incident had resulted in the compromise of information about an undisclosed number of its customers. This type of security event poses no danger to the food supply but is a risk to consumers of these services.?

Harvest Sherwood Food Distributors:?

In May 2020, data that surfaced on a Tor hidden service called the Happy Blog indicated that hackers deploying REvil ransomware attacked Harvest Sherwood Food Distributors. The attackers stole critical data from the company and threatened to disclose it publicly. REvil is the same ransomware that is later used against JBS Meats.

The attackers managed to steal around 2,600 files from the food distributor. The stolen data included cash-flow analysis, distributor data, business insurance content, and vendor information. There were also scanned images of driver’s licenses of people in the Harvest Sherwood distribution network.

Case Study: Meatpacker, JBS

Over Memorial Day weekend 2021, the world’s largest meat company, JBS, was the victim of a ransomware attack that originated from a criminal group based in Russia. The attack crippled a large portion of the meat supply chain, sending shock waves across the entire food industry.?

The FBI confirmed that the REvil ransomware was used in the cyberattack. The attack stopped operations at thirteen meat plants, including JBS facilities in Colorado, Iowa, Minnesota, Pennsylvania, Nebraska, and Texas.

This type of ransomware has been linked to GOLD SOUTHFIELD, a financially motivated group that operates a “Ransomware as a service” criminal enterprise. The group distributes ransomware using exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers.

The JBS hack set off a domino effect that quickly spread across the entire country. Wholesale meat prices soared as the balance between supply and demand immediately became out of whack.

Farms and ranches could not get their animals to market, and the resulting oversupply drove wholesale prices down. Restaurants and resellers could not get processed and packaged meat. The corresponding scarcity drove consumer prices skyward.?

The deleterious effects of this attack on only one portion of the global food supply chain illustrate how fragile our food supply is. Restaurant owners were already hard-pressed to find reliable meat sources as the world opened up after the Coronavirus pandemic.?

With the stakes high because of the need to maintain a stable food supply, JBS felt it necessary to acquiesce to the hacker’s demand and pay the ransom. After negotiating with the hackers, JBS paid the criminals $11 million in Bitcoin.

Challenges in the food & agriculture industry

One of the main reasons Americans think little about threats to and the fragility of the food supply chain is because it ordinarily runs so smoothly.

As a result, even though the nation’s food supply chain is one of the 16 critical infrastructure sectors designated by the Department of Homeland Security, it receives comparatively little attention from security professionals compared to other sectors like airline security or the power grid.

The food and agriculture industry is highly dependent on automation to keep prices low and distribution running smoothly. The systems that enable automation are often thought to be at a lower risk for cyber-attacks because they can be insulated from the internet with dedicated or segmented networks.?

This perception that an air gap exists between automated food processing systems and the internet is a red herring argument. Rarely are these systems completely isolated, and even when they are, there is always a need to update the operating system and production software.

Vulnerabilities can be introduced during the update process, as happened during last year’s Solar Winds attack. A false sense of security increases the risk of attack.?

Even if the automated systems that power food production factories were isolated entirely from the internet hypothetically, attackers do not need to access these systems to stop production.

As the JBS Meat ransomware attack illustrates, by shutting down the business operations of a food provider, their ability to continue production ceases.?

The food and agriculture sector has embraced production automation technology and digital business systems faster than they have modernized their cybersecurity operations.

Some experts theorize that this is because, until the recent proliferation of ransomware that makes any business a likely target, the food and agriculture industry has largely evaded attention from cybercriminals.?

Cybersecurity solutions for the food & agriculture industry

As mentioned above, the food and agriculture industry may, generally speaking, need to make up some ground related to cybersecurity. There are steps that many companies in this sector can take to protect themselves from threats.?

Similar to any business that produces, stores, or processes sensitive data, here are some important ways that food and agriculture companies can shore up their cyber defenses:

Cybersecurity training: Possibly the most effective measure that food and agriculture businesses can take to protect themselves from cyber-attacks is to provide cybersecurity training for their employees.

The vast majority of attacks begin with an element of social engineering — usually an email.

Modern phishing emails can be very difficult to distinguish from legitimate emails. By training employees to be ever-vigilant in recognizing the telltale signs of a phishing email, users can act as a practical first level of defense.?

Backup data: Ransomware in the food and agriculture industry depends on the ability of threat actors to plant malware designed to deny organizations access to their critical data. By locking food producers out of their business systems, attackers can throttle their ability to operate.

Having a current backup is the most practical mitigation strategy to prevent ransomware criminals. Backed-up data should be isolated from the original files to deter attackers from encrypting or exfiltrating both the original and backup copies.?

Network segmentation: By segmenting production from business networks and dividing them into smaller parts, food and agriculture IT managers can increase security. Logically divided, portions of a company’s infrastructure can be isolated if suspicious behavior is detected on another part of the network.

As mentioned above, even segmented infrastructure is vulnerable to malware introduced to a portion of the network, for example, when updating programs. Segmenting, however, can prevent malicious software from spreading throughout the entire business.

Endpoint anti-malware software: Malware is intended to cause damage, steal data, encrypt files, or gain unlawful access to digital systems. Because of the critical nature of the food and agriculture sector, it is the cyber threat faced most often by these organizations. Malware describes numerous malicious software variants, such as trojans, worms, and ransomware.

Anti-malware software applies signature detection, behavioral analysis, and, in some cases, artificial intelligence to remediate an attack by disabling malware. It is crucial to have anti-malware software installed on every digital endpoint of a network.

In today’s world of BYOD (bring your own device) workplaces, ensuring that updated anti-malware is properly installed across all devices with access to the network can be challenging.?

Routine patching and software updates: When vulnerabilities are identified in computer systems and software, vendors regularly provide patches and updates to protect their customers.

Regularly updating and patching systems can mitigate many malicious threats.?

Because users neglect to update their systems, hackers often exploit vulnerabilities for which patches are generally available.

Summary?

Like healthcare, energy, transportation, and financial services, millions of people depend on the food and agriculture industry for their lives and livelihoods.

As these critical sectors rely more and more on digital systems to conduct business, the threat of a significant cyber-attack carries more weight.?

Deploying modern cyber defenses to protect the world’s food supply chain is essential. Additionally, as new automation systems are designed, it must be done with cyber protection at the forefront.?

The fragile and interdependent nature of the food supply requires that the entire industry be protected with the most advanced and effective tools and policies. Because, in the end, we all need to eat first and foremost.?

Frequently asked questions

Why is cybersecurity important for the food and agriculture industry?

Cybersecurity is crucial for the food and agriculture industry to ensure the safe production, distribution, and consumption of food. Cyberattacks can disrupt supply chains, compromise food safety, and impact economic stability.

What types of cyber threats does the food and agriculture sector face?

The sector is vulnerable to ransomware attacks, phishing campaigns, attacks on automated farming equipment, insider threats, and vulnerabilities in supply chain management systems.

What role does IoT play in food and agriculture cybersecurity?

Internet of Things (IoT) devices, such as sensors in farming and food processing, offer enhanced efficiency but also present new security challenges. Ensuring these devices are secure is crucial to prevent potential disruptions.

How can food and agriculture companies bolster their cybersecurity defenses?

Companies can enhance cybersecurity by conducting regular risk assessments, implementing multi-layered defense strategies, training employees on best practices, and collaborating with cybersecurity experts.

How do cyberattacks impact the food supply chain?

Cyberattacks can disrupt production schedules, compromise food safety systems, and lead to economic losses, affecting both producers and consumers.

Why are attacks on food and agriculture infrastructure concerning?

Attacks on this infrastructure can lead to food shortages, price volatility, and even public health concerns if food safety is compromised.”

Cybersecurity in Food Processing: A Hidden Battle for Safe Sustenance

In excerpts from an article by GCA, they wrote, “According to research, cyberattacks against the food and agriculture sector increased by 607%, with even the FBI paying close attention. But why does this happen??

We’ll discuss just that, as well as six unique challenges confronting this sector, with the goal of underlining the potentially disastrous impacts of cyberattacks on global food security. We’ll also go over a fact-based examination of these threats' evolution and the industry's responses.?

We aim to shed light on the clandestine battles waged in the pursuit of safe sustenance to avoid a potential global disaster. By emphasizing the indispensability of robust cybersecurity at each stage of the food processing chain, we seek to equip industry stakeholders and cybersecurity professionals with crucial insights and actionable strategies.

Why is the Food Industry Targeted by Cybercriminals?

Ever since the financial and retail sectors shored up their cyber defenses, threat actors have shifted their focus to other industries, targeting governmental systems, construction companies, and healthcare organizations.?

A lack of cybersecurity is the main reason for this, which stems from either a lackadaisical attitude or a simple unwillingness to invest. However, even these industries sought proper solutions, which left food processing businesses as the most vulnerable targets.?

Cybercrime groups across the US and the world regularly target them, and it’s not just to steal data or intellectual property.? For example, a hacker might want to access storage or distribution systems to feed counterfeit products into a large-scale supply chain overseas, potentially releasing unsafe products to the population and causing irreparable damage to the brand.?

3 Underestimated Cyber Vulnerabilities Within Our Food Supply Chain?

The food industry can be targeted by cybercriminals in numerous ways but there are 3 primary methods that can be deemed the most underestimated.?

Phishing Emails?

Phishing is an attempt to trick a user into clicking a link in a bogus email or text that aims to disguise itself as coming from a legitimate and trustworthy source. In the case of the food industry, spoof emails have been a popular tactic for cybercriminals, containing links that take the user to a fake website or download malware onto their machine.?

Spoof emails in particular, have become more sophisticated in recent years, making them harder to spot. By appearing to have been sent from an employee within your organization or a third-party company in the supply chain, it’s easy to see why these fake emails wreak so much havoc.?

For example, a spoof email may appear to have been sent from the accounts department of a company in your supply chain, containing an important document that needs to be reviewed.?

Ransomware

Ransomware is perhaps the most versatile tool that cybercriminals use, and can thus be used on companies in the food industry. It works in conjunction with phishing emails and other types of cyber attacks. After a threat actor gains access to key operational systems, they lock or encrypt them, refusing to allow the victim access until they pay a certain sum of money.?

Notably, Canadian company Maple Leaf Foods suffered $16.6 million worth of damage in 2022 after they refused to pay a ransomware gang. In 2023, Dole Food Company suffered a similar attack, resulting in losses of $10.5 million and a temporary stop to their operations. And these two food industry giants are far from the only ones to fall for this.?

Automated Systems?

Automated systems also present considerable risk as they control key operations, such as valve control mechanisms, temperature monitoring, and regulating food additives. If not monitored by humans properly, they become a perfect attack vector.

This type of attack can cause public alarm and long-lasting damage to a company’s reputation, and it’s mainly because of laziness. Even though research indicates that machine learning is set to grow at a yearly rate of 39% until 2029, businesses should refrain from overreliance on AI/ML solutions until they’re tried, tested, and verified by reputable third parties.?

Cybersecurity in Food Processing: 6 Challenges?

In this section, we have outlined six core challenges that the food industry faces, including common misconceptions and a lack of awareness.

1. Many SMEs in the food industry believe they will not be targeted by cybercrime due to their size, however, smaller businesses are targeted just as much as larger organizations. This is often in the form of spoof emails.
2. Cybercrime is becoming very accessible and isn’t exclusive to experts. This is because malware creators often find it more lucrative to sell their tools and services to individuals who may have identified a potential vulnerability. This is why it is crucial to assess the total attack surface of a business, including internal personnel.
3. Decision makers sometimes believe that because their IT and cybersecurity needs are outsourced it isn’t something they need to worry about. Unfortunately, IT service providers are regularly subjected to cyber-attacks, which could impact their clients.
4. A lack of security training can result in employees being unaware of potential threats, increasing the likelihood of a successful cyber-attack or data breach. All members of staff, from IT to admin should receive cyber resilience training to spot the telltale signs of a cyber attack, as cyber resilience is only truly possible through complete vigilance from everyone in the company.
5. Many businesses in the food industry deploy Internet of Things (IoT) devices to help manage operations and establish constant communication. These devices can sometimes be targeted as they can sometimes rely on poorly designed, unsupported, or outdated software. This type of vulnerability is often overlooked during a security audit.
6. As internal production processes can sometimes be integrated with external data systems and networks, businesses must ensure any connection is fully secured using technologies such as a managed firewall, monitoring systems, and a VPN.

Industry Response: How Can the Food Processing Industry Protect Itself From Cyber Threats?

The food processing industry must take measures to equip itself properly in an attempt to combat the threat of cybercrime. A comprehensive cybersecurity strategy consists of three main components, education, technology, and environment. This involves employee training, advanced security software, and effective processes to protect data and systems.

Below is a checklist of important security actions that should be taken by all businesses that operate in the food industry:

• Ensure all devices, software, and systems are fully up-to-date, installing the latest security patches to avoid threats such as a zero-day vulnerability.?
• Go for industry-specific software whenever possible. Due to the sensitive nature of food processing operations, businesses can’t afford to cheap out when it comes to workflow-essential apps. Even a simple thing, such as document conversion, shouldn’t be done without a secure PDF solution. A truly PDF solution will come with electronic signature capabilities that allow you to securely sign and share documents. Oftentimes, it’s the software provider that’s the main vector.
• Implement password management processes to make sure all network users have strong passwords that cannot be cracked. Likewise, employees with access to sensitive data should be encouraged to frequently change their passwords.
• Use multi-factor authentication to add an extra layer of network security. This can be either biometric verification or a custom, purely internal system.
• Use a managed firewall and a VPN to protect any connections between internal and external systems. Monitoring systems can also provide alerts in real-time should any suspicious activity be detected on the network.
• Conduct frequent security training to inform all members of staff in regard to cybersecurity best practices and threat awareness. This includes company-wide workshops and perhaps one-to-one training for staff members who have higher access permissions.

Summary

Cyber attacks on the food processing industry have seen a dramatic increase, with hackers and scammers moving their attention from industrial control systems to food processing businesses of all sizes. This is due to a lack of security which is thought to be prevalent across the industry. Common vulnerabilities, such as phishing emails and ransomware cause millions in damage each year.

Fortunately, with sufficient investment in technology and training and by adhering to security best practices, businesses can effectively protect their data and systems. By following the steps in this guide, they can reduce the possibility of a data breach or security issue that could put the public at risk and cause irreparable reputational damage.”

Adaptive Office Solutions’ Additional Insights

While those two articles are great, here at Adaptive Office Solutions, we’d like to talk about a couple of real-life examples that demonstrate a need for food processing plants to up their cyber security game…

Businesses That Collect Your Personal Information Can Put You at Risk

Brett ran across a seafood processing website that was collecting personal information from job applicants hoping to fill vacancies. Most of the information you would expect to provide… full name, date of birth, and contact information. But then, a request for information set off an alarm… they asked for a Canadian social insurance number.?

That is an incredibly valuable piece of information, so it’s imperative to know that it’s protected. But, guess what? The hiring firm wasn’t using a protected means for gathering information. They were collecting the personal information on a Google Form! Not a protected form from Google Workspaces, one that can be created by any individual Google user.?

Of course, Brett’s cyber senses went into high gear, and he thought… What if the hiring company wasn’t using 2-factor authentication? A hacker could easily gain access to the information on an unprotected Google form, which could affect countless applicants!

As a business, it’s your responsibility to think about how you are collecting and protecting the personal information of everyone in your database. There are countless apps out there that are designed to safeguard the information collection process, so there’s no reason for this kind of liability risk.??

And as individuals, we really need to take pause every single time we’re asked to provide our personal information. In this case, the form the applicants were asked to fill in looked like one that most people would assume was protected. But, if something seems off - like being asked to provide a Social Insurance Number before you’re even hired - don’t risk it.?

Also, look at the details of the form. Does it explicitly say that it is protected? If so, how and by whom? Is it a reputable data protection software provider??

In this case, it clearly said “Google Form” at the top. And most people trust Google, right? Yes… as a search engine, NOT as a privacy provider. Don’t store your passwords or credit card information there. That’s what password protection software is for. It’s just as convenient and 1000 times safer.?

The most incredible part of this example… Brett informed the seafood processing plant about the issue, and two years later, they still haven’t done anything about the cyber security risk.?

Backups??

When Brett was doing a cyber security risk review for a manufacturing company, he realized that not only do they have an old server, they weren’t doing backups for it. The server failed when they lost electricity and they had to wait 5 days to access a power supply. During that time they could’nt access anything, including their accounting information.?

Can you imagine if any of the computers were stolen or if there was a fire? They would have lost everything - forever!?

No matter the type or size of business, data loss can have potentially devastating effects. From reputational damage to downtime and lack of productivity, data privacy, and compliance issues to loss of customer trust and loyalty – not having a backup could have long-lasting effects on business operations and integrity.

There are several factors that drastically increase the chance of data becoming compromised, stolen, deleted, or lost, including:

• Cyber attacks such as Ransomware and Phishing
• Human negligence
• Human error
• Failure to backup systems regularly
• Disgruntled employees
• Natural disasters
• Hardware failure
• Theft
• Software corruption

Without backups, businesses face severe consequences, including operational downtime, reputational damage, and loss of customer trust.

Conclusion

The integration of technology in the food processing industry, while driving efficiency and innovation, has simultaneously exposed the sector to significant cyber threats. From ransomware attacks to phishing scams, the potential disruptions to food safety and supply chain continuity are profound.?

As cybercriminals increasingly target this critical sector, it is imperative that food processing plants adopt robust cybersecurity measures. By investing in advanced security technologies, conducting comprehensive employee training, and implementing rigorous data protection protocols, the food industry can safeguard its operations and ensure the uninterrupted supply of safe, high-quality food products to consumers worldwide.?

The fight against cyber threats is an ongoing battle, but with vigilance and proactive strategies, the food processing industry can fortify its defenses and maintain the integrity of our sustenance supply chain.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every device connecting to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business's IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions, you can lower your costs through systems that are running at their prime, creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at [email protected]