Preventing cybersecurity attacks against food, beverage facilities

While innovations can help food processing facilities run smoothly, they can also leave them vulnerable to data breaches and cyberattacks. Four tips for preventing breaches are highlighted.

By Brian Ellison August 16, 2022

Cybersecurity Insights

  • As automation has become a regular feature of food processing facilities, the necessity for proper cybersecurity measures is more important than ever.
  • It’s important to develop and implement a security awareness program, set security standards, make security a part of a company’s culture and look into acquiring cyber insurance.
  • Companies should be cautious when using enterprise systems and make sure they are properly protected.

Food processing facilities have come a long way since pre-industrial days. Each year, food and beverage companies rely more heavily on automation, high-tech building management systems, remotely accessible machine sensors, modern data collection and the latest technology. While these innovations can help facilities run more smoothly, they can also leave them vulnerable to data breaches and cyberattacks.

In 2020, the average cost of a cyberattack was $3.86 million, according to the Association for Packaging and Processing Technologies (PMMI). When computer intrusions happen, cybercriminals are typically seeking out a company’s intellectual property or customer and client data, such as passwords, protected health information, personal identity information and credit card information, that can be exchanged for digital currencies.

Every company will be targeted by a malware or ransomware attack at some point. It’s just a matter of when, so it’s vital to have a robust cybersecurity plan that protects assets and information for food processing facilities.

Four tips for preventing network hacking and data breaches in food processing

It is paramount to have a cybersecurity plan in place before an incident occurs. The last thing a company wants is to be left scrambling in the wake of a cyberattack.

1. Develop and implement a security awareness program

Every employee should be trained to recognize security attacks, especially considering 90% of all data breaches come through email. One click — even an accidental one — can cascade into a company-wide ransomware issue that could potentially cost millions of dollars.

A program should also include a designated incident response team that works with the risk management department. As a company builds its team, it should make sure to include department representatives from human resources, information services and corporate communications. It’s also imperative that the incident response team has at least one engaged executive leader to champion the program and the team.

A company may need to outsource to fill the Information Technology/Information Services (IT/IS) role on the team if there is not a qualified expert on staff who can run a forensic diagnosis in the event of a data breach.

2. Set security standards

Draft a clear security policy framework using a standard like those of the National Institute of Standards and Technology (NIST) or the Department of Defense Cybersecurity Maturity Model (CMMC).

Use a maturity model to gauge where the company falls on the cybersecurity scale — a level one meaning there are few or no security policies in place, and a level five meaning a completely mature and automated plan. Most companies, especially in the food processing industry, sit around a 2.5 to a 3 level. They may have established operational controls, but are more reactive than proactive in implementing them. Use the results of the maturity model assessment to set cybersecurity goals for your plant.

3. Make security part of your company culture

Security is not just an information technology problem. It is a company-wide challenge that employees should be keenly aware of year-round. According to PMMI, 11% of the most serious and damaging of all cyberattacks involve some kind of employee carelessness.

Some proactive security measures to consider adopting:

  • Connect remote workers with a secure virtual private network (VPN).
  • Implement multi-factor authentication. Passwords alone are not secure.
  • Make sure employees do not write down their passwords or leave other valuable information lying around.
  • Safely dispose of documents containing private information.
  • Establish clear reporting guidelines for suspicious activities.
  • Screen incoming suppliers at the door.
  • Evaluate the physical security in your food processing plant.
  • Verify all wire transactions by phone. Do not rely solely on email confirmation.
  • Develop required training for on-boarding employees and require all employees to renew training at regular intervals to ensure everyone is aware of the latest threats and protections.
  • Make sure you have a tested backup and recovery process to recover information that is lost or damaged during a ransomware attack.

4. Investigate cybersecurity insurance

Obtaining cybersecurity insurance can offset your risk in the event of a data breach, especially if you are dealing with sensitive client information. The proper coverage can insulate your company from some of the losses in the event you are asked to pay a ransom. However, there is no guarantee cybercriminals will return key data, even if that ransom is paid.

Cybersecurity plans must evolve with technology

Your food processing facility may already have a cybersecurity awareness program in place. However, the work-from-home business model is presenting processing plants with new cybersecurity challenges, which means companies may need to reevaluate their plans. Additionally, consider that as technology becomes more sophisticated, so too will costly phishing scams and online threats.

Cybersecurity failures result in reputation damage, monetary loss

In 2021, a hacker targeted a water treatment plant in Oldsmar, Florida, a small town near Tampa. The city’s water supply was nearly poisoned when the hacker infiltrated the plant’s remote access program and briefly increased the amount of sodium hydroxide in the water. Thankfully, a supervisor caught the online tampering and reversed the settings before any long-lasting harm was done.

This instance proves cyberattacks do more than hurt your bottom line. They can physically hurt your employees or customers and do irreparable damage to your company’s reputation. If the public learns of the hack, as they did in the water treatment plant case, trust may be lost, which is much harder to quantify than material damages and could even put you out of business.

Contractors can be the weak link

In recent years, the construction industry has become a big target for hackers. In fact, the construction industry was the most frequently hit by ransomware in 2021, according to IAT Insurance Group. This is partly due to construction companies often using enterprise data warehouses to store corporate data from operational systems in a cloud-based server or the company’s mainframe server. If left unprotected, hackers can access these servers and hold hostage key information affecting project timelines.

In 2013, hackers breached Target’s security and accessed its network, taking over the national department store chain’s point-of-sale system. Over the course of several months, the cybercriminals were able to steal data on roughly 40 million debit and credit cards. Despite Target being a large corporation, and likely having a strong cybersecurity plan, the hackers were able to do this by stealing login credentials from one of Target’s heating, ventilation and cooling subcontractors. This is a strong reminder that it is paramount that owners ensure there are no weak links in their operation. Vendors, as well as employees, must be compliant with your security program.

What to do after a hack

If a cybersecurity hack occurs, ensure your incident response team is able to preserve as much of the evidence of the attack as possible to determine where it came from and how to clean it up. If you need to report the crime to authorities, there must be a clear chain of custody to help officials recover that information in a timely manner and have any chance at all of prosecution.

Once you determine how the attack happened, you will be able to see where your weak links are and train employees to recognize them moving forward. Be sure to close any loopholes the cybercriminals used to access your network, such as unpatched servers, weak passwords or unsecured exposed services.

Finally, knowing the root cause of the attack and performing a cost-benefit analysis will help the incident response team determine how to best protect your data and intellectual property in the future — whether through new technology or by investing in additional cybersecurity measures. While this may drive up overhead costs, cyberattacks can have catastrophic results, so you cannot afford to be negligent.

– This originally appeared on Stellar’s Food for Thought blog. Stellar is a CFE Media and Technology content partner.

Original content can be found at Stellar.

Author Bio: Brian is a results-driven IT solutions and security professional. He is experienced with leading teams to successfully deliver solutions including new digital marketing platforms, business process engineering, data center migrations, infrastructure consolidations, transitions to cloud and converged communications.