Very few tasks today are done without some type of computer or data-based technology. I can still remember grocery stores, department stores and the like using the manual cash registers and the carbon imprint credit card devices. If the power to the store went out, you could still purchase items and products could still be ordered from suppliers and distributors. In manufacturing, most internal and external transactions were primarily paper-based. Now we are in a digital age and reliant on technology. If those processes or systems fail, are shut down or compromised by a cyberattack, business activities and many life events can stop quickly.
Cybersecurity Risks in Food & Beverage Manufacturing
Cyber threats can impact the food supply chain in many ways. With the Internet of Things (IoT) and other advantages of agri-technology that manage and control irrigation and fertilizing systems, hackers could jeopardize the security of crops. Cyber threats could impede the movement of materials and ingredients from suppliers to manufacturers. Shipments from manufacturers to customers could be delayed or re-routed to the wrong locations. A cyber threat could shut down internal systems and even jeopardize the integrity and safety of food products. Cybersecurity processes are critical and essential to keep systems and processes running, food safe and the supply chain intact.
What are the Major Types of Cybersecurity Risks?
There are many types of cyber threats that manufacturers of food and beverage products need to combat. Here are the major threats impacting the industry today.
Web skimming
Web skimming (also known as e-skimming, card skimming or Magecart attacks) refers to cyberattacks in which hackers implant malicious computer code into websites and third-party supplies of digital systems to steal credit card information. Online sales of consumer packaged goods, especially food, continue to grow and push manufacturers to manage a different value chain than in the past. This trend has forced many of these producers to enter e-commerce sales in addition to selling through retail channels.
Hackers today are now trying to break into manufacturers’ systems and networks to look for customer credit card and personal data. Many manufacturers do not keep this type of data, however, that doesn’t stop the cybercriminal from breaking in and looking for information to steal. These breaches can trigger systems to shut down and malfunction thus impacting normal operations and disrupting manufacturing and the flow of the supply chain.
Ransomware
Ransomware attacks have been on the rise against food manufacturers. As the world is faced with the current pandemic, food manufacturers have experienced a great number of disruptions, abnormal spikes in sales, and have been impacted by consumer fears that the food supply could be in jeopardy. Today’s market situation makes this type of attack appealing to the hacking community because the repercussions of bringing down a food manufacturer could be disastrous. They can bring down all systems or parts of one system.
Ransomware attacks can result in millions of compromised internal records and customer data. When this happens, manufacturing operations are typically halted, resulting in lower earnings due to lost productivity and sales. Overall, the supply chain becomes interrupted and disconnected. In addition to the disruption of the business that was breached, peripheral businesses and operations are impacted as well. Disruptions to operations and supply chain flow could lead to expired food at all inventory levels, resulting in unnecessary food waste and millions of dollars of lost profit.
ICS/SCADA Malware
The scariest of these attacks could be that of malware that breaks into industrial control systems (ICS) and the supervisory control and data acquisition systems (SCADA) that run and manage manufacturing facilities. The focus on these systems is to either bring the factories and operations to a complete halt or worse yet, contaminate the food supply. This can be done by altering bills of materials and recipes to drastically change ingredient quantities or to add new ingredients to create a toxic product. This vulnerability has been exacerbated in the Food and Beverage industry by manufacturers’ increasing reliance on automated industrial control systems to process, store and manage large product volumes.
In recent years, new connected technologies such as Industrial IoT (IIoT) devices have been introduced into these systems to improve supply chain analytics and enable predictive maintenance. These attacks can be so complete that they change all levels of the systems to where the contaminated products can even pass most inspections.
Protecting Your Systems and Preventing Cyber Threats
Food manufacturers are always looking for ways to prevent cyber attacks to keep their businesses, data and most importantly the food products they produce safe for consumers. A good portion of an IT budget is spent on data security impacting improvement projects like shortening the time from “field to fork”, increasing productivity and boosting margins. Food manufacturers typically have lower margins than other manufacturing businesses, so IT staffs are usually smaller and have fewer resources. With this in mind, the safest strategy might be to put the management and protection of business systems in the hands of the providers with a cloud solution.
The data that is housed in an ERP system is essential to day-to-day operations and can be the prime target for hackers. The cloud is the safest environment and best practice for preventing attacks. Cloud-based ERP providers such as QAD have a deep commitment to security and have the scale to make investing in security expertise, programs and processes pay off. Single tenant systems are dedicated to each customer. It consists of your own equipment, your own server and your own network. The system is protected with all ISO standard features. Additional features include:
- Regularly scheduled penetration testing
- Intrusion detection program
- Dedicated, global incident response team
- Ongoing commitment to security certifications
- Support for industry specific compliance such as FDA for life science and food
- Diligent patching
Food and beverage manufacturers are now investing in advanced technologies to assist in all areas of their business operations. They are realizing that cyber attacks are a risk to business processes in addition to food safety. They can disrupt manufacturing processes, take down a production line and result in tainted and unhealthy products reaching the public. The financial impact of such an incident can easily reach millions of dollars. To protect themselves from these threats, food and beverage companies must ensure that their ICS environments are protected from unauthorized intervention and that all changes to production devices are tracked and monitored.
As a QAD colleague of mine with expertise in cybersecurity once told me; “Remember, if there is someone smart enough to write the protection code, there is someone smart enough to break it. So, we need to stay one step ahead of the hackers.” With QAD Adaptive ERP, we do.
