Why Is Cybersecurity In Food Industry Important For Food Safety?
Updated on: 01/07/2022
257 Views | 0 Comments
The food and agriculture industry is a much more critical sector as it directly impacts the lives of everyone globally. Similar to the various other industries, the future of the food and agriculture industry is aiming to see robots making lives easier. Automated agro-bots will surely be introduced that will monitor, treat and work on the land. For this, the sector will implement high-tech tools that have been designed to help maximize the yields and minimize the disease. This also calls for the importance of cybersecurity in food industry for yield safety.
The advancement in agri-tech has also caused a higher risk of various cyber threats. These cyber security threats are constantly on the rise. Prior to the rise of the multinational consolidated agribusinesses, the greater part of the food production throughout the world was produced by the ranchers and the small farmers that served the local community. This has been taken over by automation.
Considering the history of the food industry (food safety and hygiene) and the agricultural sector, it was never a target for cybercriminals. However, standing in the current era, the threat actors consider the food industry to have the potential to be attacked as the whole world depends on the food supply. Introducing malware such as ransomware could help them reach their goal easily through the food and agriculture sector. The goal of the cyber attackers is mostly associated with financial gains. However, political aspects and social hacktivism must not be overlooked.
Table of Contents
- Cybersecurity In Food Industry: Issues In The Sector
- Noteworthy Cyber Attacks In The Food Industry
- What Are The Impacts of Cyber Attacks In The Food Industry?
- Why Is The Food Industry Vulnerable To Cyber Attacks?
- IoT & Food Industry: Updating Your IoT Security In The Food Industry
- The Certification Bodies Associated With Food Industry
Cybersecurity In Food Industry: Issues In The Sector
The food and agriculture industry includes a wide spectrum of companies offering a variety of products and services. The large ranches and farms utilize automated as well as connected systems making work easier with each passing day. This includes automation from the tractor autosteer systems, and crop moisture testing to auto distribution to the warehouses.
The fact is that most of the companies making up the food supply chain in the nation are interdependent. Even a slow down during the harvest season might impact the entire industry. This is just because the effects of the events last for a really long time and this could be for weeks or months. The restaurants and the retail stores require easy access to the food products. Additionally, reliable sources are also a factor for them. Thus, any disruption in the food and agriculture sector means shortages of supply and higher prices for the products.
This sector has seen several cyber security attacks in the past and thus, it can be stated that the food supply chain of the world is much fragile and is dominated by a small number of large food companies. The cyber threat actors are continuously aiming to shut down production. This in turn will threaten people’s lives, food production networks as well as the food company business networks putting them at risk.
Noteworthy Cyber Attacks In The Food Industry
Shutting down the massive food production or distribution business offers cybercriminals with immense advantage. On the contrary, this situation creates an intolerable condition for both the production house and the common people. Thus, the companies must know that they have to resolve the situation as soon as possible before it gets even more detrimental and creates social turmoil.
Keeping in mind what these cyberattacks including phishing in cyber security breaches can do, here are some notable cyberattacks that the food industry and associated industries have gone through.
(A) Ransomware Attacks
The following are some examples of the ransomware attack and its aftermath:
1. Harvest Sherwood Food Distributors
Back in May 2020, Happy Blog, the data surfacing the Tor hidden service stated that the hackers that deployed REvil Ransomware or Sodinokibi had attacked Harvest Sherwood Food Distributors. The attackers had been successful in stealing critical data from the company. It had also threatened the company to disclose it publicly. Later, the same ransomware had been used against JBS Meats, a meat supplier where they stole approximately 2600 files from the food distributor. The stolen data had included the following:
- Cash-flow Analysis
- Distributor Data
- Business Insurance Content
- Vendor Information
- Driver’s Licenses (Scanned Images) of Employees.
2. JFC International
Back in March 2021, JFC International disclosed that it had faced a ransomware attack that successfully disrupted a number of its IT systems. The company is a major distributor as well as a wholesaler of Asian food products. It basically serves the US and European markets. The company mentioned that the attack had impacted the Europe Group of JFC International. Following the attacks, they were able to resume their normal operations after they had informed the law and enforcement, the business partners and the employees about the attack.
3. Loaves & Fishes
Loaves and Fishes is a non-profit food provider. It offers nutritious balanced groceries to the families and individuals experiencing a short-term crisis via the mobile’s “drive-through” style food distribution websites. In August 2020, the company announced that sensitive customer information was exfiltrated when there was a widespread Blackbaud attack.
Blackbaud is a software and cloud hosting solutions provider. The company had restricted a ransomware attack from encrypting files. However, the company had still cleared a ransom demand so that the hackers do not publish the protected information regarding their clients. Loaves and fishes was one of the clients of Blackbaud. The hosting company had stated that they have no evidence that the data had been sold online through any dark website. But there was still an opportunity for the hackers to do that.
Haldiram Snacks Pvt. Ltd. had suffered a major data breach through a ransomware attack. The hackers had encrypted all the files, applications, data and systems. The hackers had also demanded a ransom of $7,50,000 for offering them access to the stolen data. Then the sweets and snacks maker filed a complaint to the cyber cell. Later, it was found out that the server was hacked and hit by ransomware.
5. Mithaas (Restaurant Chain)
The restaurant chain Mithaas was also hacked by cybercriminals. They had employed ransomware. After a complaint was lodged with the Noida police, they launched a probe into the matter. This case came amidst broad daylight just after the fortnight of the Haldiram attack, whose servers were also attacked with ransomware. The main aim was to encrypt the files of the company and demand ransom to decrypt it.
The ransomware implant followed by hacking at the server of Mithaas took place in the afternoon. This resulted in the encryption of all the files in a similar format and thus complete data became useless. The employees of the company were displayed with a ransomware screen that asked them to contact the hackers for further information recovery.
The company runs its outlets in Ghaziabad, Noida, Greater Noida and Meerut. The employees complained that they have been provided with a recovery link and the compromised system is located at their office in the Industrial Sector 63, Noida.
(B) Data Breaches
The following are some examples of the data breaches and their aftermath:
1. Home Chef
This food distributor is owned by Kroger Foods. It is basically a startup that offers meal kits, food ingredients and recipes to its customers. The security researchers had revealed that in May 2020, they had discovered usernames and passwords of the users of Home Chef for sale on the darknet. Following this, the Chicago-based company had mentioned that a security breach incident had compromised the information of an undisclosed number of its customers. Such a security event causes no danger to the food supply. However, it is a risk to the consumers of these services.
2. Big Basket
Big Basket is a leading e-grocery company. The data leak of the company is considered to be the largest loot in Indian cyberspace. A global security firm has declared that the information of 20 million user accounts has been publicized in the cybercrime market. The data breach took place on the 30th of October,2020. Following this, the data was soon put on sale for INR 3 million. However, the news did not come to light unless the company wanted to disclose it on the 7th of November, 2020.
As the news goes, the database of BigBasket consisting of more than 20 million customers has been leaked online on the dark web. This happened months after the company had confirmed the data leak. The database that had been posted online consisted of names, phone numbers, email addresses and hashed passwords of the breached customers. The data also possesses the date of birth and physical addresses of the users of Big basket.
The database containing the passwords available on the dark web contains passwords in the encrypted format. However, a hacker had mentioned that it has successfully decrypted some of the leaked passwords. The Big Basket database on the dark web has been uploaded by a hacker group known as ShinyHunters.
Dominos is a renowned name when talking about Pizzas. Lately, the company has been compromised in a data breach. The cyber breach exposed the order details of 18 crore customers. Initially, the data breach was spotted by an Internet security researcher. The database includes 130TB of customer details and data files of the employees.
Furthermore, the cyber attackers had created a web page on the dark web that is capable of drawing the data for any of the leaked order details. All it has to do is search for an email address or a phone number. The data is currently available to the public making it easier for anyone to search for it. The worst part is that you would not require any browser or search engine such as Tor for getting into the public details of the breached data.
It had been revealed that any customer who had ordered food from the company via phone calls using their email ID or phone number could have been a prey of the data leak. The leaked information disclosed the name, phone numbers, dates, and email IDs of the customers. It also exposed the total number of transactions, precise latitude and longitude coordinates of the addresses and the total amount that has been spent on the transactions in rupees.
In July 2020, a Google-owned on-demand delivery startup, Dunzo had confessed officially that it had suffered a data breach. The attack was successful in exposing the user’s email addresses and phone numbers. However, as per the CTO of the company, there was no leakage of the transactional payment details.
Payment processing companies are not safe as well. Such a company that has been a target of a cyber-attack or data breach is Juspay. It all happened in August 2020, when the payment servers of the company had been accessed in an unauthorized manner. This led to the leakage of 100 million users’ data on the dark web. The compromised database included the names, email addresses, and phone numbers of the cardholders in addition to the first and last digits of the cards. Various reputed platforms are associated with the company such as Flipkart, Swiggy, Amazon India and more.
What Are The Impacts of Cyber Attacks In The Food Industry?
Below are the various impacts of cyber attacks in the food industry as listed by the FBI and cyber security companies.
➤ Disruption In The Operations
➤ Economic Cost
- Corporate information theft
- Financial information theft
- Loss of money
➤ Negative Effects On The Supply Chain
- Loss of customers
- Loss of sales
- Reduction in profits
➤ Legal Consequences (Fines and regulatory sanctions depending on the kind of attack, kind of data loss and mismanagement).
Why Is The Food Industry Vulnerable To Cyber Attacks?
The FBI has mentioned that the infrastructure of the food industry, including the agricultural industry has become more prone to cyber attacks as the cybercriminals find these industries an easy bet. This is solely because these sectors have progressed a lot and adopted smart technologies that pave the way to the network.
The criminals believe that the larger institutions are capable of paying for their demands as they have resources. However, the smaller businesses often lack the required updates that are required to shoo off the cybercriminals.
IoT & Food Industry: Updating Your IoT Security In The Food Industry
IoT or the Internet of Things has been a part of almost all industries since it is well adopted. IoT is a great example of technological advancements. With the hard times that the Covid-19 pandemic has offered, the food industry has inclined mostly towards the IoT. Another change that mostly got a boost is the home delivery and online payments. Cloud data services are also embraced which can prove to be even more secure. But the problem is that the sectors might not be investing in managing cloud data security.
The IoT based sensors, GPS, mobile apps, cloud and drones improve yields, lower costs and drive efficiency. This means that they involve a rise in the cyberattack surface. This is the reason why IoT needs to grow as well and resolve the need of cyber security.
Here are some ways to update your IoT security in the food industry and remember basic cyber security:
✅ Acquiring the necessary expertise of your actual platforms and systems, especially when using the cloud.
✅ Adopting the right security tools, leveraging intelligence and automation for your industry and requirements.
✅ Boosting cyber security awareness training for the processing and operations staff.
✅ Conducting end-to-end cyber risk assessments. Look for systems that need to be updated regularly and make sure that those updates take place.
✅ Connecting and encouraging the openness between the IT and OPS ensuring everyone is aware of this.
✅ Diverting from the legacy equipment whose passwords cannot be changed. For the remaining systems, use a trusted passwords manager.
✅ Ensuring that you can update all IoT tools and software.
✅ Consider data backup regularly.
✅ Implementing end-point anti-malware software.
✅ Reviewing all systems that the attackers might access remotely. Ensuring the presence of security protocols.
✅ Reviewing the nature of access and who has it. Access to write should be restricted to those who need it.
✅ Shutting down connection points when not in use.
✅ Updating or creating your incident response plan.
The Certification Bodies Associated With Food Industry
The following are the certification bodies and a couple of food safety certificate that are associated with the food industry fixing the vulnerability in cyber security and raising awareness:
1. ISO 9001-2015 Quality Management System
The ISO 9001-2015 is an internationally recognized Quality Management System (QMS) standard benefitting any size of an organization. It is designed to be a powerful business tool for improvement and the certifications can do a lot of things such as the following:
✅ Be more flexible and curate a sustainable business.
✅ Continuously improve, reduce costs and streamline the operations.
✅ Display your strong corporate governance.
✅ Satisfy more and more customers.
✅ Win even more businesses and compete in the tenders.
✅ Work efficiently with the stakeholders and your supply chain.
2. ISO 22000 Food Safety Management Systems (FSMS)
FSMS is used by organizations across the food chain in a bid to deliver food that is completely safe to consume. However, the 22000:2018 is an excellent framework that helps to implement an FSMS or food safety and management systems. The 22000:2018 is a current transition from the 2015 version. The new version considers all the changes in the food industry and helps the organizations to reduce the food safety hazards.
Here are the major benefits:
✅ The new version is much easier to integrate with the other ISO management systems.
✅ Introduced Plan-Do-Check-Act (PDCA) cycle as well as risk-based thinking.
✅ In collaboration with the HACCP, it is efficient to identify, prevent as well as control the food safety hazards.
✅ It helps the organizations to reduce their exposure to risks and improve safety.
3. BRCGS Global Standards (Food Safety, Storage & Distribution)
The Brand Reputation Compliance Global Standards (BRCGS) have specific benefits to the food industry such as:
✅ Reduction in product recall, complaints and rejected products.
✅ Reduction in the multiple audits.
✅ Increase in the customer confidence and opening of the new market opportunities.
4. Hazard Analysis Critical Control Points (HACCP)
A HACCP or Hazard Analysis Critical Control Points system permits you to identify the hazards and effectively controls the management of these hazards throughout the supply chain during production. It meets the requirements of the Codex Alimentarius Commission (CAC) which is established by the World Health Organization (WHO) and the Food and Agriculture Organization of the United Nations to bring together international food standards, guidelines and codes of practice for ensuring fair trade.
Below are the advantages of HACCP certification:
✅ Implements an internationally recognized food safety system.
✅ Offers a degree of confidence that is required by the retailers, consumers and buyers within the food industry.
✅ Offers the consumers, buyers, trade agencies and government enforcement with the assurance that the control systems are in place ensuring safe food production.
✅ Aligns HACCP with the ISO 22000 for improving the FSMS.
✅ Continuously review and improve your system so that it stays effective.
✅ It is completely based on the Codex standards and the guidelines of the other national standards.
✅ The advantages are not limited to the size or location of the organizations.
5. Global GAP (Good Agriculture Practice)
The Global GAP of Good Agriculture Practice was earlier known as EUREPGAP. It is the European Retailers standard for Good Agricultural Practices (GAP), encouraging the adoption of commercially viable farm assurance schemes. Through its cyber security strategy, it promotes sustainable agriculture and the minimization of agrochemical plants. It primarily focuses on workers’ health, environment, sustainable land use, safety and welfare. The following are the benefits:
✅ Improvement in the processes and practices up to the farm gate.
✅ Motivating the workforce.
✅ Leading to improved facilities, working conditions and training.
✅ Improvement in productivity.
✅ Encouragement of sound environmentally farming practices.
✅ Improvement in management practices.
Like any other sector, millions of people are dependent on the food and agriculture industry for their livelihoods. Since these critical sectors depend more and more on technology and digital systems, in the bid to conduct their business, they are more vulnerable to significant cyber attacks. This is where cyber security services are crucial. Deploying the modern cyber defences to shield the food chain supply of the world is necessary.
On top of this, as the new automation systems have been designed and utilized in the food sector, cybersecurity in food industry is required at the forefront. Thus, getting associated with one of the top cybersecurity companies is the best thing you can do for your business.
The food supply chain is interdependent and fragile. Thus, the entire food industry requires to be protected with the most advanced and effective policies and tools. Food and safety are something the industry cannot do without as food is a basic necessity to be alive. Thus, on this food safety day, this cyber security information was the perfect thing to be shared.