THERE might have been a time when hacking into a food or agricultural company's system was far from a hacker's mind. Why threaten a company that provides a basic need? But this is simply just a rhetorical question. Because just like any other business, food companies have to protect their data and operations, and more so because if they don't, the health and safety of their consumers could also be at risk.
While the adoption of IoT and smart technologies is paving a future that ensures efficient operations, better processing, and safer products, it has exposed F&B companies to sophisticated cyber criminals. Many manufacturers are falling victims to these crimes, and the threat to the food supply chain persists as long as systems are easy to breach. The only way forward is to continually strengthen their cybersecurity.
To understand the issues, we talked to Vijay Vaidyanathan, who is currently the Regional Vice President – Solutions Engineering, APJ at the industrial cybersecurity company, Claroty.
Vijay Vaidyanathan, who is currently the Regional Vice President – Solutions Engineering, APJ, Claroty
Why are food companies easy to target?
The food manufacturing industry has low maturity in terms of cybersecurity and such incidents highlight the urgent need for food companies to prepare for and learn to manage cyber-related risks. That includes risks from information technology (IT), operational technology (OT) such as industrial control systems (ICS), and importantly, from the convergence of IT and OT networks as a result of digital transformation. This is especially pertinent in environments where vulnerable legacy technology exists, as any downtime could result in huge ramifications for the company and the public at large, as was the case with JBS Foods.
According to the Cybersecurity Agency of Singapore, nearly 40% of cyberattacks in Singapore target small and medium enterprises. The most common methods were phishing attempts and ransomware. Just like big companies, SMEs are going digital in the industry 4.0 environment, they may become vulnerable to cyber threats such as phishing attacks, defacements, and ransomware. For many lean SMEs, being hacked would mean that normal operations would come to a halt. This may then result in revenue loss and negatively impacts the company's reputation.
What can hackers manipulate?
Cyberattacks have evolved beyond theft of data to disruption of physical assets with consumer impacts. Hackers often encrypt data on systems and demand ransom to decrypt it, but in some cases, the primary targets have shifted from the data alone to consumer-facing services.
Hackers have the following motivation: damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
What are the entry points?
At first, hackers identify a vulnerable target and explore how to exploit it. Outdated OT is especially vulnerable – designed without security in mind and often incompatible with much of today's IT software and security tools — as these can cause major operational outages and complete shutdowns if compromised.
Can you share some breaches in F&B/agriculture that have occurred, and how these were handled?
JBS wasn't alone in meeting an attacker's ransom demands. Colonial Pipeline reportedly paid $4.4 million to recover its IT systems after a ransomware attack forced it to shut down its operational technology network in order to contain the attack. Ransom demands on average have been doubling since 2019, the FBI said, adding that alarmingly, between 50% and 80% of victims who paid ransoms were victimised again by the same attacker, or a different group.
Another ransomware incident (which forced NEW Cooperative to shut down its operations in September 2021), came just weeks after the FBI issued a private industry notification (PIN) warning the food and agriculture sectors of the rising threat of targeted ransomware attacks. Following the incident, Claroty Chief Product Officer Grant Geyer noted that the incident should serve as a call-to-action for food and beverage companies to adopt best industrial cybersecurity best practices such as gaining complete visibility across their operational environments, continuously monitoring for threats to cyber-physical systems, and implementing industrial network segmentation to prevent the lateral spread of threat actors.
In an effort to better understand how industrial enterprises across all sectors are responding to mounting security challenges as digital transformation introduces new risk to cyber-physical systems, Claroty contracted with Pollfish to conduct an independent, global survey of 1,100 IT and OT security professionals for its latest Global State of Industrial Cybersecurity report. Our food and beverage industry snapshot zeroes in on the responses of the 36 respondents who work in the sector to glean insight into how its security practitioners are adapting to evolving challenges
For example, a U.S.-based farm lost more than $9 million after temporarily shutting down farming operations after a ransomware attack in which the threat actor was able to steal administrator credentials and access internal servers. In other attacks, a U.S.-based bakery was victimised by REvil through a managed IT service provider with access to the baker's IT network. It was forced to shut down production, shipping and receiving, delaying customer orders for more than a week. The FBI PIN also describes an attack against a U.S.-based beverage company where business systems were impacted, yet the company took down production systems in order to contain the spread of the malware. The FBI warns that this trend shows little signs of slowing down.
Why are systems easy to hack even when security measures are in place? How are these guarded?
Systems are getting hacked because cybercriminals continuously refine tried-but-true ransomware methods and look to exploit weaknesses in the software that knits together the internet. The anticipated attacks come against the backdrop of a post-pandemic situation that creates additional weaknesses. With many people still working from home, attackers seek to exploit remote connections to infiltrate corporate networks. Some scammers will also target everyday folks, who are spending more and more time in front of computer screens, in order to nab banking information, personal passwords and other data that can be used to compromise accounts.
Why should or shouldn't F&B companies think twice about going digital in the face of growing cyber security threats?
Digital transformation in the F&B industry is imperative because it enables innovation and replaces outdated and analog processes with modern, fully integrated technology. Doing so immediately reduces or eliminates the inaccuracies, delays and lost data associated with manual processes. The COVID-19 pandemic has put supply chains to the test and in many instances delays and shortages occurred, making clear the weaknesses in their current models.
What steps are necessary for companies to protect themselves from a potential security breach?
We recommend the following industrial cybersecurity best practices to mitigate cyber threats:
Could you go into detail on how Claroty can help?
Claroty's Continuous Threat Detection (CTD) solution connects to SPAN or mirror ports on standard Check Point Security Gateways or Check Point Rugged Security Appliances and automatically identifies industrial assets and network activity to provide real-time cybersecurity monitoring and process integrity alerts.
We have some of the world's most experienced IT and industrial cyber security experts who have been studying and working within the industry for decades. We know the threat landscape and unique requirements, challenges, and opportunities to protect critical infrastructure and we put that into practice every day. We partner with CISOs and other security leaders to help identify vulnerabilities, mitigate risk, and build resilience in today's dynamic environment. Here are six tangible steps we work through with our clients to ultimately arrive at more secure and intelligent operations.
Integrated Managed Security
Threat detection and monitoring must be a continuous process to remain effective – there is no set it and forget it. It also requires an integrations ecosystem that enables seamless connectivity between the OT and IT security programs, empowering CISOs to execute a holistic, enterprise-wide risk management strategy more efficiently.
Copyright (c) Ringier Trade.com. Copyright (c) Ringier Trade Media Ltd. (c) 2022.
All rights reserved. Reproduction in whole or part in any form or medium without express written permission is not allowed.
Ringier Trade .com (c) Ringier Trade Media Ltd., accept no responsibility or liability for any information provided by any third party on this website.