More than halfway through 2023, cyber-security has once again found itself at the forefront of conversations in the food and beverage manufacturing space. The year began with a bang after Dole was struck by a ransomware attack in February, which temporarily halted production in various North American facilities, and resulted in bare shelves for days. The Dole attack came less than two years after the infamous JBS attack of 2021, which saw the global meat supplier pay hackers a whopping $11 million to restore its operations.
As demonstrated by these two attacks, and more than 40 other ransomware incidents in the food and agriculture sector reported to the FBI last year, system downtime can cost food and beverage companies tens of millions of dollars in lost revenue, not to mention the negative effect on brand reputation and customer trust. With the threat of cyber-attacks against the food and agriculture industry remaining consistent, these companies need stronger security measures that can help them achieve true cyber-resilience.
For food and beverage manufacturers, the impact of an attempted cyber-attack hinges on the security of their critical enterprise resource planning (ERP), supply chain, and e-commerce applications. The need for supply chain digitization and integrated e-commerce solutions is driving digital transformation at unprecedented speed, often without full recognition of the security implications attached to these projects.
Let’s explore how food and beverage manufacturers can develop a stronger cyber-security posture that serves to protect a business’s most critical applications and helps counter the ongoing threat of cyber-activity.
Getting an Inside Look
While food and beverage manufacturers rely heavily on ERP software to fulfill their day-to-day obligations, the security of this software inexplicably remains one of the largest blind spots for organizations across the industry. Many manufacturers simply lack the necessary visibility into their ERP landscape, leaving them unaware of potential risks within their critical applications.
Home to a bevy of sensitive corporate information, including proprietary recipes, customer information, and more, ERP software can be a lucrative target for cyber-attackers who are growing increasingly sophisticated in their approaches.
With deep visibility into ERP systems, food and beverage manufacturers can gain a full picture of where potential security gaps lie and ensure they are managing risk across their environments. This allows teams to translate vulnerabilities into business risk, and communicate to key stakeholders exactly what is putting sensitive data at risk.
Making the Right Moves
Amid economic uncertainty, organizations are understandably being cautious when it comes to their cyber-security investments. Manufacturers are only willing to invest in the tools that protect their most important assets.
Vulnerability management tools, purpose-built to detect flaws in business applications, can help teams monitor users, hunt vulnerabilities at the application layer, observe suspicious activity, and overall achieve a greater understanding of their attack surface.
For example, a deep dive into ERP software may reveal elevated user privileges that unintentionally grant someone access to intellectual property that could be sold or held for ransom. Or worse, there may be direct access to finances and operations. Through this discovery process, user access can be adjusted, and the threat can be remediated before it has even presented itself.
Putting a Plan Together
Ultimately, tools are just one piece of the broader cyber-resilience puzzle. Even with the strongest tools in place, manufacturers can still fall victim to cyber-attacks that halt their supply chains without notice. Food and beverage security teams must be equipped to monitor and respond when a threat presents itself.
When it comes to developing a game plan for responding to an attack, it is important to remember that critical applications like ERP often require a deeper level of consideration when guarding against threats of a malware attack, due to their sensitivity and complexity. Teams must ensure that their playbooks are tested ahead of time to prepare a proactive response in the event of a cyber-threat.
With the benefit of prioritized insights and guidance enabled by continuous threat monitoring and detection, even team members with little experience in ERP security can have the context they need to act quickly on issues that pose the greatest risk to supply chain systems and data.
Securing the Future
As cyber-attacks targeting the food and beverage industry continue to pose a significant threat to business operations, manufacturers are facing a unique challenge. Not only are they tasked with protecting critical systems, but also with ensuring the safety of their products, all while simultaneously meeting accelerated demand for digitization, and increasing privacy regulations.
Enhanced visibility, paired with purpose-built tools designed to monitor the organization’s most critical applications, along with a strategic response plan, can help manufacturers stay ahead of the curve, and fulfill their overlapping obligations. With full vision over the complex business application landscape, manufacturers can feel empowered to detect and remediate cyber-threats as they emerge.
Sadik Al-Abdulla is chief product officer at Onapsis.