THERE might have been a time when hacking into a food or agricultural company's system was far from a hacker's mind. Why threaten a company that provides a basic need? But this is just a rhetorical question: like any other business, food companies have to protect their data and operations, all the more so because if they don't, the health and safety of their consumers could also be at risk.
While the adoption of IoT and smart technologies is paving a future that ensures efficient operations, better processing, and safer products, it has exposed F&B companies to sophisticated cyber criminals. Many manufacturers are falling victim to these crimes, and the threat to the food supply chain persists as long as systems are easy to breach. The only way forward is to continually strengthen their cybersecurity.
To understand the issues, we talked to Vijay Vaidyanathan, who is currently the Regional Vice President – Solutions Engineering, APJ at the industrial cybersecurity company, Claroty.
Why are food companies easy to target?
The food manufacturing industry has low maturity in terms of cybersecurity and such incidents highlight the urgent need for food companies to prepare for and learn to manage cyber-related risks. That includes risks from information technology (IT), operational technology (OT) such as industrial control systems (ICS), and importantly, from the convergence of IT and OT networks as a result of digital transformation. This is especially pertinent in environments where vulnerable legacy technology exists, as any downtime could result in huge ramifications for the company and the public at large, as was the case with JBS Foods.
According to the Cybersecurity Agency of Singapore, nearly 40% of cyberattacks in Singapore target small and medium enterprises. The most common methods were phishing attempts and ransomware. Just like big companies, SMEs are going digital in the Industry 4.0 environment, and they may become vulnerable to cyber threats such as phishing attacks, defacements, and ransomware. For many lean SMEs, being hacked would mean that normal operations would come to a halt. This may then result in revenue loss and negatively impact the company's reputation.
What can hackers manipulate?
Cyberattacks have evolved beyond theft of data to disruption of physical assets with consumer impacts. Hackers often encrypt data on systems and demand ransom to decrypt it, but in some cases, the primary targets have shifted from the data alone to consumer-facing services.
Hackers have the following motivations: damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
What are the entry points?
At first, hackers identify a vulnerable target and explore how to exploit it. Outdated OT is especially vulnerable – designed without security in mind and often incompatible with much of today's IT software and security tools – as these can cause major operational outages and complete shutdowns if compromised.
Can you share some breaches in F&B/agriculture that have occurred, and how these were handled?
JBS wasn't alone in meeting an attacker's ransom demands. Colonial Pipeline reportedly paid $4.4 million to recover its IT systems after a ransomware attack forced it to shut down its operational technology network in order to contain the attack. Ransom demands on average have been doubling since 2019, the FBI said, adding that alarmingly, between 50% and 80% of victims who paid ransoms were victimised again by the same attacker, or a different group.
Another ransomware incident (which forced NEW Cooperative to shut down its operations in September 2021) came just weeks after the FBI issued a private industry notification (PIN) warning the food and agriculture sectors of the rising threat of targeted ransomware attacks. Following the incident, Claroty Chief Product Officer Grant Geyer noted that the incident should serve as a call-to-action for food and beverage companies to adopt industrial cybersecurity best practices such as gaining complete visibility across their operational environments, continuously monitoring for threats to cyber-physical systems, and implementing industrial network segmentation to prevent the lateral spread of threat actors.
In an effort to better understand how industrial enterprises across all sectors are responding to mounting security challenges as digital transformation introduces new risk to cyber-physical systems, Claroty contracted with Pollfish to conduct an independent, global survey of 1,100 IT and OT security professionals for its latest Global State of Industrial Cybersecurity report. Our food and beverage industry snapshot zeroes in on the responses of the 36 respondents who work in the sector to glean insight into how its security practitioners are adapting to evolving challenges.
For example, a U.S.-based farm lost more than $9 million after temporarily shutting down farming operations after a ransomware attack in which the threat actor was able to steal administrator credentials and access internal servers. In other attacks, a U.S.-based bakery was victimised by REvil through a managed IT service provider with access to the baker's IT network. It was forced to shut down production, shipping and receiving, delaying customer orders for more than a week. The FBI PIN also describes an attack against a U.S.-based beverage company where business systems were impacted, yet the company took down production systems in order to contain the spread of the malware. The FBI warns that this trend shows little sign of slowing down.
Why are systems easy to hack even when security measures are in place? How are these guarded?
Systems are getting hacked because cybercriminals continuously refine tried-but-true ransomware methods and look to exploit weaknesses in the software that knits together the internet. The anticipated attacks come against the backdrop of a post-pandemic situation that creates additional weaknesses. With many people still working from home, attackers seek to exploit remote connections to infiltrate corporate networks. Some scammers will also target everyday folks, who are spending more and more time in front of computer screens, in order to nab banking information, personal passwords and other data that can be used to compromise accounts.
Why should or shouldn't F&B companies think twice about going digital in the face of growing cyber security threats?
Digital transformation in the F&B industry is imperative because it enables innovation and replaces outdated and analog processes with modern, fully integrated technology. Doing so immediately reduces or eliminates the inaccuracies, delays and lost data associated with manual processes. The COVID-19 pandemic has put supply chains to the test and in many instances delays and shortages occurred, making clear the weaknesses in their current models.
What steps are necessary for companies to protect themselves from a potential security breach?
We recommend the following industrial cybersecurity best practices to mitigate cyber threats:
- Ensure operational visibility. One of the biggest challenges for securing OT environments is the lack of telemetry, and therefore, visibility into OT networks. Real-time visibility into all operational systems linked to food production and distribution enables security teams to notice if there is anything out of the ordinary going on in the systems, meaning they can quickly act to detect, investigate and resolve malicious activity. For example, visibility into process values—such as temperatures, chemical composition, and product formulas—can help ensure the quality and consistency of outputs. It helps to establish a behavioural baseline against which to monitor the network and understand the vulnerabilities, threats, and risks that may be present—including anomalies that may indicate an early-stage attack—in order to take pre-emptive actions. Additionally, such visibility can help to identify vulnerabilities such as out-of-date operating systems and software, and also any common vulnerabilities and exposures associated with products, allowing them to take action.
- Establish secure remote access. Organisations need to use remote access solutions that are purpose-built for industrial environments that allow for auditing, control and monitoring capabilities. This includes extremely granular role- and policy-based access controls for industrial assets at multiple levels and geographic locations while supporting Zero Trust and Least Privilege security principles. Ideally, to protect their facilities, manufacturers should deploy specialists that embrace OT and the IT/OT connect when it comes to securing remote access to critical environments. Purpose-built OT solutions far better address OT needs than general remote access solutions. The investment is worthwhile as remote work will likely continue in some capacity long after the pandemic is over.
- Stay up to date on cybersecurity standards. Organisations can also look to OT cyber security recommendations by respective government agencies. Singapore, for instance, is setting up a panel comprising global experts to offer advice on OT cybersecurity as part of the country's latest cybersecurity blueprint. Organisations involved in the food supply chain can also refer to OT security recommendations released by US security agencies the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA).
Could you go into detail on how Claroty can help?
Claroty's Continuous Threat Detection (CTD) solution connects to SPAN or mirror ports on standard Check Point Security Gateways or Check Point Rugged Security Appliances and automatically identifies industrial assets and network activity to provide real-time cybersecurity monitoring and process integrity alerts.
We have some of the world's most experienced IT and industrial cyber security experts who have been studying and working within the industry for decades. We know the threat landscape and unique requirements, challenges, and opportunities to protect critical infrastructure and we put that into practice every day. We partner with CISOs and other security leaders to help identify vulnerabilities, mitigate risk, and build resilience in today's dynamic environment. Here are six tangible steps we work through with our clients to ultimately arrive at more secure and intelligent operations.
- Contextualised Visibility into Assets and Risk
Having visibility into all assets with context so you can understand your risk posture is an excellent first step to prepare proactively and focus on addressing likely paths of attack.
- OT Cybersecurity Strategy & Program Design
IT and OT teams prioritise the confidentiality, integrity, and availability (CIA) triad principles differently. A security posture assessment allows you to evaluate the state of your OT network's security and the delta with where you need to be to mitigate risk.
- Incident Response Readiness
Ideally, you've proactively protected your most important systems and critical processes against pertinent threats. But even the most effective cyber-defense strategy cannot fully eliminate risk, so you should always proactively prepare for an incident so that you know every step that will be taken, and the people, processes, and technology involved in the response.
- Secure Remote Access & Network Segmentation
New attack vectors are emerging because many systems and devices that enable business processes and applications to communicate across environments were not necessarily designed to co-exist and interoperate securely.
- Integrated Managed Security
Threat detection and monitoring must be a continuous process to remain effective – there is no set it and forget it. It also requires an integrations ecosystem that enables seamless connectivity between the OT and IT security programs, empowering CISOs to execute a holistic, enterprise-wide risk management strategy more efficiently.