Silent cyber criminals killing cows and risking public health

The food and beverage industry is under attack from silent, and even deadly, aggressors – cyber criminals.

And manufacturers, both big and small, are falling victim.

Beverage giant Heineken has been hit by a data breach impacting 8,174 employees across a number of countries, a recent report published on BreachForums claimed. The attack gained access to full names, email addresses, company roles and more, according to hacking group ’888′.

Independent farmer Vital Bircher’s systems were breached in an attack that made it impossible to monitor the herd’s vitals. This led to the death of a cow and its calf.

The rapidly increasing number of attacks are hitting the industry in multiple ways, including ransomware, phishing scams, and data breaches. And the potential destruction is considerable. They can lead to operational downtime, significant financial losses, danger to animal welfare, supply chain disruptions, and compromise food security.

But the biggest fear for manufacturers and consumers is the potential threat to food safety, with concerns bad actors could target product formulations and labelling.

So where are these threats coming from and how can the food and beverage industry protect itself against them?

Computer Forensics Company: Where are cyber attacks on food and beverage coming from?

“The food and beverage industry faces cybersecurity threats on multiple fronts, making defence a constant challenge,” says Marcel Koks, senior director of industry and solution strategy at cloud software development company Infor.

And many manufacturers, particularly smaller ones, aren’t equipped to defend themselves.

“Many legacy systems, used by today’s businesses, weren’t initially designed for online use, making them especially vulnerable to modern attacks,” Koks explains.

So how are they getting in?

“Threat actors (hackers) deploy sophisticated ransomware across various platforms, targeting personal computers, mobile devices, and even Internet of Things (IOT) and Cyber Physical Systems (CPS) environments,” says Koks.

But the threat doesn’t stop at the factory gates. Food and beverage manufacturers are facing attacks at all stages of production.

“Beyond the walls of the company, we’ve seen how weaknesses within the supply chain itself – such as poor incident response, fragile software development practices, and insufficient authentication – can create a perfect storm of cyber threats,” he adds.

Computer Forensics Company: What are the biggest cyber threats faced by the industry?

“Phishing attacks, targeting employee vulnerabilities, are a significant concern,” says Koks. “While weak security practices leave systems exposed to password-based attacks, which are still worryingly common.”

Ransomware attacks are also becoming increasingly disruptive, and are on the rise, with a staggering 58% of affected firms forced to halt operations last year, according to Infor. That’s up from 45% in 2021. And, unlike other business disruptions, these can impact company operations for days or even weeks, hitting productivity and profitability hard.

The severity of the threats is increasing, as attackers get smarter and more creative.

“The landscape is constantly evolving, making defence increasingly complex and harder to anticipate,” says Koks.

And not only are these attacks extremely costly to businesses, they’re also placing strain on the global economy.

“Cybercrime is projected to cost the global economy $10.5tn in 2025,” he says.

Computer Forensics Company: What can industry do to protect itself against cybercrime?

The industry is already making strategic shifts towards more secure operational systems, with manufacturers including Mondelēz International, The Kraft Heinz Company and Nestlé, making it a priority.

“We take cybersecurity very seriously,” says a Nestlé spokesperson. “As an extra layer of protection to our cybersecurity program, we are committed to working with skilled security researchers across the globe to help identify and mitigate any potential security vulnerabilities in our systems not already detected through our internal controls.”

Many manufacturers are also implementing multiple sourcing strategies to prevent over-reliance on a single vendor in their supply chain.

But, as the threat continues to grow, companies will need to further increase their protection against cyber criminals. This includes carrying out detailed risk assessments and developing comprehensive contingency plans. It’s also important to invest in people.

“Investing in cybersecurity expertise and employee training is critical as human error remains one of the biggest security risks,” says Koks.

Read More