Food and cybersecurity seem like very different topics. When we think of our favorite potato chips or steaks to sizzle on the grill, ransomware isn’t the first thing that comes to mind. However, the food supply chain is under increasing threat from cybercriminals, and managed service providers (MSPs) can have a frontline role in keeping food supplies safe.
The issue of food safety and cybersecurity has grabbed the attention of Congress. A bipartisan group of senators has proposed the Farm and Food Cybersecurity Act. This act calls upon the Secretary of Agriculture, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), to conduct a study on a biennial basis to investigate the cybersecurity status in the agriculture and food critical infrastructure sector. This includes the nature and extent of cyberattacks and incidents that affect the agriculture and food critical infrastructure sector; and the potential impacts of a cyberattack or incident on the safety, security, and availability of food products, as well as on the economy, public health, and national security of the U.S.
Food spoilage following a cyberattack is a huge risk
Food & Beverage was the third most compromised industry after Retail and Hospitality, accounting for 10 percent of all attacks.
Some of these attacks have grabbed headlines, including an incident in 2021 where several grain processors in Iowa and Minnesota were targeted with a ransomware attack. This attack caused downtime that impacted food supply. During the same year, cybercriminals targeted JBS meats which caused the major nationwide meat supplier to go dark.
While food suppliers have been targeted in the United States, so far there hasn’t been major disruption. However, experts say that could change.
David Anderson, VP of Cyber Liability for Woodruff Sawyer, explains one concern is threat actors compromising IoT devices that control manufacturing and temperatures which can cause spoilage. “This is a huge risk for the food and beverage industry.”
Robert Khachatryan, the CEO of Freight Right Logistics, a company heavily involved in the transportation of food supplies, believes the extensive food supply chain creates a vulnerable situation for the industry.
“The intricate web of suppliers, distributors, and retailers increases vulnerability points, making comprehensive security strategies essential,” Khachatryan states. There is also the issue of data sensitivity. He adds, “The food sector’s reliance on sensitive data, from production to distribution, underscores the need for robust encryption and access controls.”
Steps to mitigate the danger
Khachatryan says the following steps can help prevent attacks on the food supply chain:
Risk assessment: Regular, thorough risk assessments can identify potential vulnerabilities. A proactive approach can significantly reduce the likelihood of breaches.
Collaborative security frameworks: Building a collaborative security framework among all supply chain stakeholders enhances collective defense capabilities.
Advanced monitoring and artificial intelligence (AI): Implementing AI-driven security tools for real-time threat detection can reduce incident response times. Leveraging real-time threat intelligence from a reliable vendor can decrease the success rate of an attack by over 97 percent.
The role of MSPs
Khachatryan explains there are several areas that MSPs can focus on when protecting food supply-oriented customers:
Strategic oversight: Aligning cybersecurity measures with business objectives to ensure seamless supply chain operations.
Technical expertise: MSPs provide the technical expertise necessary to implement and manage advanced cybersecurity solutions to mitigate sophisticated threats.
Khachatryan emphasizes that, in an era where cybersecurity threats loom large over the food supply chain, the strategic collaboration between Chief Information Security Officers (CISOs), MSPs, and supply chain entities is paramount. Leveraging advanced technologies and fostering a culture of cybersecurity can significantly enhance the resilience of our food supply against digital threats.
Mark Haas, CEO of the food branding agency the Helmsman Group, agrees that a robust cybersecurity program is needed to protect the food and beverage space. “In an era where digital threats loom large over every sector, the food industry stands as an unexpected battleground for cybersecurity,” he says.
Haas adds the idea that the food supply attacks involve just protected recipes or a few grain elevators misses the gravity that destabilizing the food supply entails. “A breach in this data could lead to more than just competitive disadvantages or financial setbacks; it could undermine consumers’ trust in their favorite brands, potentially destabilizing entire market segments,” he explains. “It’s a reminder that in the digital age, cybersecurity is not just about protecting information; it’s about safeguarding reputations, livelihoods, and the intricate web of connections that feed the world.”
Haas also remarks that MSPs and cybersecurity experts are the vanguard for protecting food supplies. “Their expertise and strategic foresight are critical in not just reacting to threats but anticipating them, ensuring that defenses are always several steps ahead.”
Photo: Fit Ztudio / Shutterstock