Food and drink under attack: why cyber security is critical to the sector
Written by Rich Jackson, Strategic Business Manager at Moore ClearComm, the cyber and data protection division within Moore Kingston Smith.
A cyber attack on a food and drink company, and the subsequent impact on its supply chain, has the potential to disrupt widespread food production and distribution, in turn leading to food shortages and higher prices. Unlike any other product, food is the one fundamental necessity that cannot be foregone.
Cyber resilience in the sector is crucial for ensuring operational stability and the ability to respond to disruptions effectively. This allows preservation of the supply chain and maintenance of the sector’s overall integrity.
It is essential to understand the factors that combine to increase the sector’s risk and vulnerability. This might be distribution and logistics, third-party storage, farming and agriculture, and the widespread adoption of technology that exposes the sector to cyber risks.
Why is food and drink particularly vulnerable?
Maintaining the technical infrastructure of the food and drink sector is critical to the continued production and distribution of supply – not to mention avoiding risks to public health. It is a sector that has become highly reliant on technology. Most food and drink manufacturers generate, process, collect and disseminate vast volumes of data (both personal and financial) throughout their own and third-party systems.
Because the food and drink supply chain is large and complex, there has been a significant shift in the outsourcing of core processes, such as logistics and storage. This, in turn, has grown the supplier network exponentially.
This creates a perfect storm for increased exposure to cyber threats such as ransomware, data breaches and phishing attacks. Organised cyber criminals (including, shockingly, nation state-backed threat actors) are actively targeting the food and drink sector on a daily basis with a multitude of reasons such as financial.
Distribution and logistics risks
The modern logistics industry has undergone hugely significant changes regarding digital transformation. Food and drink companies are embracing emerging technologies such as IOT devices and artificial intelligence to improve efficiency and performance, while also reducing overheads.
However, as with all digital progression, these adoptions are accompanied by an increased cyber threat landscape and heightened risk factors requiring a proportional increase in security measures. An article in Infosecurity Magazine details the case of one of the UK’s largest privately owned logistics firms entering administration due to disruption caused by a ransomware attack. UK Logistics Firm Forced to Close After Ransomware Breach
Supply chain risks
Most food and drink companies will operate a thorough crisis management plan to cope with the extensive list of potential crises. However, because the sector is highly susceptible to challenging recovery periods following a cyber attack in the supply chain, the impact of these events is significant and far-reaching.
Working on the assumption that most organisations rely on internet-enabled software to manage procurement and supply chains means that every supply chain is at risk. Conducting a risk assessment of each supplier and asking them to prove their cyber security credentials (for example, a current Cyber Essentials Plus certificate) should be a priority. Naturally, this presupposes that the food and drink company itself has considered its own cyber security.
However, the shrewdest leaders in the food and drink companies are taking more preventative measures and proactively forecasting operational interruption with business continuity planning.
Business continuity planning
Having a comprehensive business continuity plan is essential for food and drink companies. It not only addresses the company’s own cyber frailties but also covers insecure suppliers or a supplier falling victim to a cyber attack. Factor in a supplier being out of action for a period of time and consider the impact operationally, commercially and from a data privacy perspective.
A comprehensive business continuity plan helps a business to return to normal activities following a cyber incident as efficiently as possible.
- Organisations that create, maintain and test their business continuity plan regularly are far better prepared and able to:
- Contain the incident effectively, avoiding widespread impact (internally and externally);
- Minimise long-term impacts to the company, its reputation and brand;
- Protect suppliers and (in turn) avoid potential litigation or significant penalties;
- Act within the law and avoid legal ramifications;
- Liaise and support third-party responders and government agencies;
- Quickly identify and address concerns from customers, suppliers, shareholders or the public;
- Engage the media in a controlled and timely manner;
- Limit and control immediate or ongoing financial exposure.
To increase future yield and sustainability, the food and drink industry has long embraced the potential of technology and science. In recent years, there has been increased focus on the application of scientifically precise and automated farming techniques.
Help from the experts
If you would like to know how Moore ClearComm can help your food and drink company shore up its cyber security, please get in touch with us.
Email: info@mooreclear.com
Telephone: 020 8088 8810