Risky Business: Cyberattacks on the Food Supply
Estimated reading time: 3 minutes
Cybercrime—criminal activity carried out via computers or the Internet—is big business these days, at times delivering illicit gains larger than the record-breaking stock market. In 2016, some malware attacks (in which malicious software is intended to damage computer systems) yielded hackers a whopping 1,425 percent return on their hacking investment! Certainly, the payday is attractive, but it’s not only money that motivates the bad guys.
From Russia’s alleged interference in the U.S. presidential election to data breeches at big corporations like Yahoo and Target, cyber attackers collect private and sensitive information, steal intellectual property, malign leading brands, and could even contaminate the country’s food supply (Trustwave).
Given the number and types of hacks on the rise, shippers and the transportation industry are wise to consider the ramifications of a potential cyberattack on food & beverage logistics operations. A single data or security breach could eat through an entire food supply chain, spreading from shippers to warehouses to retailers to consumers—and impacting the other parties with whom each member does business. Such losses could affect a company for years. Further, as supply chain processes evolve with the times, they’ll also become more dependent on software, GPS, sensors, and other “Internet of Things (IoT) technologies. The threat will only intensify.
Growing Vulnerabilities in the Food Chain
Attacks on the food supply are not likely to be a priority for most hackers—credit card data is still king. That said, according to Trustwave, a leading data security firm, Food & Beverage was the third most compromised industry after Retail and Hospitality, accounting for 10 percent of all attacks. While that number may seem small compared to the massive breaches reported by news outlets recently, it’s important to understand that 70 percent of hacked Food & Beverage companies go out of business within a year of an attack (Trustwave).
Shedding Light on Agro-Terrorism
The food supply’s vulnerability is not lost on the U.S. Department of Homeland Security, which considers the entire Food & Agriculture industry one of the 16 national critical infrastructures. This designation has generated attention for a new type of cyber threat called agro-terrorism: deliberately contaminating the country’s food supply, with the intent to terrorize and harm people (National Cybersecurity Institute).
Experts theorize that agro-terrorism attacks could significantly impact the food supply chain in two ways:
- Blocking Transport: Breaching logistics technology and programs could interfere with transportation, leaving entire sectors of the population without adequate supplies of food and beverages.
- Malicious Tampering: Hacking into the Programable Logic Controllers (PLCs) food manufacturers use to regulate additives and preservatives in food could lead to widespread contamination or poisoning.
As for food-based business networks, hackers are likely to worm their way in just as they do in other industries. The majority of vulnerabilities in technology and software can often be found in remote access to networks, insufficient security configurations, outdated firewalls, weak passwords, a lack of proper staff training, and the like (Trustwave).
Protecting Your Food-based Business
The prospect of a cyberattack is real on many fronts and prevention is key. To protect your business, supply chain partners, and customers, make sure you enact the following proactive measures immediately:
- Educate your employees on data security best practices and enforce them from the top down
- Address vulnerabilities in your security configurations, password policies, firewalls, etc., and regularly audit systems for weaknesses
- Introduce a comprehensive cybersecurity program that incorporates food quality and safety
- Create a detailed plan for remediation should an incident occur
- Assess your suppliers and partners’ cybersecurity risk, and only work with vendors that meet certain security protocols