With consumers vying for virtual space to advertise or promote their brands, the subject of security is an important consideration.

In recent years the food and beverage industry had become a notable target for cybercrime. It’s a problem that has significant consequences, not just for businesses but also the general public, since it’s such a critical industry.

As food production becomes increasingly digitised, the risks to equipment and processes become higher, meaning security defences need to be strengthened. So why are cyber threats becoming more common in this industry and what can food and beverage companies do to protect themselves?

Why is the food and beverage industry a target?

Food and beverage industries have become a popular target with hackers and cybercriminals because they’re critical to our economy and represent a national threat if they’re compromised. 

As integral businesses, they’re often in possession of huge amounts of money, and a cyberattack could potentially impact supply chains and production, increasing downtime. With more and more manufacturers using social media platforms and websites to advertise products, there is good justification for being aware of the potential threats of targeted cyber attacks.

Another reason why businesses in this industry are a target is because of the high prevalence of legacy systems, which means older systems that aren’t up to date or those that aren’t connected to online systems. Hackers know these vulnerabilities are present, which makes them an easy target, so they actively seek out older systems for an easy point of entry.

The leading cybersecurity risks

As the 2019 Deloitte and MAPI Smart Factory survey stated, ‘Cyber threats are pervasive and can have disastrous effects’. Nearly 50% of their respondents recognised cybersecurity as an operational concern, yet 24% were not conducting regular reviews, and where assessments were being undertaken they were not sufficient in their coverage.  

British insight from a leading cybersecurity specialist, highlights, “no less than 60% of UK manufacturers have been affected by a cybercrime incident, with a third of these having experienced financial loss or operational disruption as a result”. Yet despite this, a UK government report found that only 62% of businesses surveyed in the food and hospitality sector consider cybersecurity to be a priority. 

While cyber threats are constantly changing, there are some risks which are more prevalent in the food and beverage industry. 

Card skimming

Card skimming refers to attacks where hackers implant malicious code into a website or a third-party supplier of digital systems, so they can steal credit card details. For businesses that rely on sales of packaged, physical goods, such as food and beverage businesses, this poses a real threat to their operations and ability to sell through retail channels. Today, hackers look to break into manufacturers’ networks to seek out credit card data and personal information, and even though many manufacturers don’t retain this type of data, it won’t stop a criminal from breaking in to find data they can steal. 

An increase in ransomware threats

Ransomware is another type of attack that food and beverage businesses need to be mindful of. With the many challenges the world has faced in recent years, manufacturers have had to deal with disruptions, strange sales trends and impacted by customer fears of supply chain issues. These industry-wide circumstances are great news for hackers, because the repercussions of bringing a food or drinks manufacturer down would have disastrous effects, making ransomware threats more effective. Disruptions to supply chains and operations for these businesses could result in millions in lost profits, expired food which impacts inventory levels, and an increase in unnecessary food waste. 

Loss of intellectual property

Another risk from cyberattacks in this industry is the loss of intellectual property, where threat actors may use their access to networks to obtain secret production processes or ingredient and recipe information which can then be sold on the dark web or used as leverage. Hackers will use evasive methods to hide their presence in networks so they can go unnoticed, and if there aren’t strong detection systems in place, they’ll be able to roam freely without being spotted. 

Risk of malware

One of the most harmful cyberattacks is malware, which could affect industrial control systems and data acquisition systems which are essential to the running and management of food production and manufacturing facilities. A malware attack leaves businesses vulnerable and is exacerbated by businesses’ increasing reliance on automated systems and IoT connected devices. While these systems have been put in place to improve supply chain flow and analytics, they also pose their own unique set of risks when it comes to cybercrime and malware attacks. 

Developing stronger protection

Businesses in the food and beverage sector need to protect themselves fully against these and other cybersecurity threats, in order to prevent hackers from taking down their business and putting their reputation at risk.

Consumers need to trust a brand and whether you are using personal data, accessing bank details or sharing promotional material to launch a new brand, social channels and video marketing platforms should be protected from cyber crime. Much of the tech budget for food and beverage businesses goes on automation and services that increase productivity and boost profit margins, but all of this could be at risk if you don’t have a strong cybersecurity strategy in place. 

One way to protect businesses in this industry is to use software for remote inspections and audits, so information can be shared between teams from any location safely and securely, and in real time. Remote inspection software provides up-to-the-minute data and reduces the number of people needed on-site, which also contributes to safer working practices, both from physical and digital perspectives. This type of software can also alert users to risks that might be missed from manual checks.

Multi-factor authentication provides a great first line of defence for any team, preventing them from unwittingly handing over sensitive information, and also reduces the risk of forced attacks. Similarly, as a last line of defence, restricting privileges on devices can minimise the risk of someone clicking on a nefarious link or installing unwanted items on the device, since they won’t have the privileges to do so.  

Food and beverage businesses need to have a dedicated response plan in place, a team to carry out this process in the event of an attack, and have regularly scheduled penetration testing to spot vulnerabilities ahead of time so they can be remedied. Businesses need to continually commit to having relevant security certifications in place and stay ahead of hackers by keeping on top of cybersecurity threats and evolving trends.