Cyber Threat Security Tips For Food And Beverage Manufacturers, Distributors, And Retailers

The food and beverage sector is seeing a spike in cyber attacks and cybersecurity threats. Here are actionable steps you can take to improve cyber security in your organization.

August 26, 2022

Most food and beverage companies aren’t prepared for cybercrime. There’s either a lack of proactive protective measures put in place or existing protocols have become outdated. As a result, it has been reported that the food and beverage industry has experienced the greatest increase in data breaches from 2019 to 2020 of any industry. It continues, too.

In May 2021, the world's largest meat processing company, JBS Foods, paid $11 million in ransom to stop cyberattacks against their infrastructure.

Also in early 2021, a large brewery in the U.S. was hit by a cyberattack and the impact went far beyond an email outage; it stopped production and shipping operations completely. 

Cybersecurity Stats

The ways that cyber criminals try to infiltrate an organization’s digital systems changes as quickly as consumer demand for food and beverage products. It’s important for the entire supply chain – and the end consumer – that time and attention is devoted to preventing cybercrime.

Four Steps To Prevent Cybercrime In The Food And Beverage Industry

Step One: The easy first step to increase a company’s cybersecurity is to add it as a topic to leadership agendas, quarterly company gatherings, onboarding documents, and other recurring, company-wide documentation and meetings.

Step Two: Now that it’s a recurring topic of discussion, you’ll need to ensure you set intentions for your meetings. This means beginning with a risk assessment to determine what needs proactive discussion. This is the hard work of thinking through all of the places a cyberattack might occur. For example: email, online systems, fleet management, cell phones, and payroll, to name a few.

No amount of Googling will get you an inclusive list of breach points. Cybersecurity is a mental exercise for each individual organization to ask the question “What happens if X happens?”

Step Three: Once your first risk assessment is complete, turn it into a drill and practice it. This is no different than fire drills that take place in school. The most secure food and beverage companies devote time and resources to run a drill where the email server is shut down or a meeting is called with the executive team to discuss a mock situation in which the company was hit with a ransomware attack. 

Step Four: Assuming some time has passed since step one, this last step begins with a reassessment of risks. Has your organization adopted a new acronym? Has it migrated to a new software platform? Was the payroll system recently switched? 

There is no shortage of independent 3rd party companies that will audit your controls and processes or implement regular penetration tests to help you regularly reassess your risks and harden your systems. 

Because food and beverage companies rely so heavily on software for their ERP (Enterprise Resource Planning), payroll, or customer management, it’s incredibly important to evaluate the security in place with the companies you’re working with.

Here are five questions to ask your existing software solution providers or any future ones:

  1. What steps do you take to prevent cybersecurity threats to our data?

  2. Can you share your SOC audit?

  3. Do you have a PCI Certification?

  4. When was the last time you underwent penetration testing and what were the results?

  5. What are your ransomware protection and recovery methods?

A software company’s ability to share answers to these questions is an immediate sign as to whether or not you can trust them with your data. 

A key long-term security strategy is to utilize software vendors that do not charge per user. This ensures that every person receives their own unique login, where only they know the password. SaaS software that does charge per user tends to have security risks in the long term as cost-cutting measures may inadvertently lead to people sharing the same login.

Interested in learning more about cybersecurity? Check out Encompass VP of eCommerce, Bill Kraich’s latest contribution to Beverage Industry Magazine: As Cyberattacks Increase, Every Facet of Operation Is Vulnerable

Wavy Background