In November 2023, a Swiss farmer watched helplessly as a hacker breached a milking robot and encrypted vital data about his herd of cows. The attack ultimately resulted in the death of a pregnant cow and cost the farmer some 6,000 francs (about US $6,500). And it highlighted an alarming trend: the food and beverage industry has become a prime target of cyberattackers. In fact, the industry is now the seventh most targeted sector for ransomware in the United States, with over 160 incidents reported in the food and agriculture sector in 2023 alone.
But food and beverage company leaders can learn from recent incidents to strengthen security and sidestep costly (and even tragic) incidents.
Understanding Why Food & Beverage Is a Ransomware Target
The food and beverage sector’s increasing reliance on automation, coupled with its critical role in global supply chains, makes it particularly attractive to cybercriminals.
Critical Role of Food & Beverage in the Supply Chain
When production stops at a food supplier or processor, the effects can ripple throughout the entire supply chain, creating pressure on owners and other leaders to pay ransoms quickly to resume operations. We saw this scenario play out during the 2021 JBS ransomware attack, which disrupted meat processing across North America and Australia [source: Reuters].
As FBI Special Agent Gene Kowel said at a recent bureau symposium, “The cyber risk and national security threat to farms, ranches, and food processing facilities is growing exponentially.” He also highlighted the growing complexity and severity of attacks.
The Weakest Links: Systems and Processes Hackers Exploit
Robots, automated feeders, and AI for optimizing yields can all introduce vulnerabilities, according to Cory Brandolini, co-founder of AI-driven software company Railtown. “All this automation brings significant cyber risk if [data] within the underlying software are not constantly protected,” he told Forbes.
At the same time, many operational technology (OT) systems were designed when cybersecurity was less of a concern, creating additional vulnerabilities throughout the supply chain. The problem is compounded by:
- Legacy systems running outdated operating systems
- Inadequate network segmentation between IT and OT systems
- Gaps in employee cybersecurity awareness and training
- Connected devices that may lack proper security controls
High-Profile Ransomware Attacks in Food & Beverage
Recent years have seen a surge in devastating ransomware attacks targeting food and beverage companies of all sizes, causing widespread disruption and highlighting critical vulnerabilities in the industry’s cybersecurity defenses.
JBS Foods Attack: The Largest Ransomware Attack in Food Industry History
The May 2021 ransomware attack on JBS, the world’s largest meat supplier, stands as a defining moment for the industry. The attack forced the closure of all JBS beef plants in the United States, interrupting nearly one-fifth of the country’s meat supply. The company ended up shelling out an $11 million ransom to restore operations.
US Department of Homeland Security communications later revealed that JBS’s cybersecurity was “poor” prior to the attack, with the company slow to respond to known vulnerabilities.
Key lessons learned from the JBS attack include:
- The importance of maintaining strong baseline cybersecurity practices
- The need for regular security assessments and swift remediation of identified issues
- The critical role of network monitoring and early threat detection
Case Study: Milk Processing Plant Attack and Its Ripple Effects
Less publicized but equally concerning was the October 2021 attack on Schreiber Foods that shut down the company’s milk processing plants and distribution centers. The attack disrupted milk transportation routes and left employees unable to access company buildings. The incident highlighted how even smaller-scale attacks can create significant supply chain disruptions.
Other Noteworthy Attacks on Food & Beverage Companies
Recent years have seen a concerning pattern of attacks using an array of methods including phishing, exploited software vulnerabilities, and insider attacks. Notable incidents include:
- Dole Foods (2023): A ransomware attack disrupted operations and compromised employee data, costing the company $10.5 million.
- Campbell Soup Co. (2023): A cyber attack was quickly contained with minimal disruption, but other IT problems caused a three-day shutdown of production lines and sent employees home from a plant in Ohio.
- Duvel Moortgat (2024): A ransomware attack caused the brewery to shut down four Belgian plants and a US facility. Operations resumed within days, but criminals released a terabyte of sensitive data after the company refused to pay a ransom.
Key Lessons from Recent Ransomware Attacks
These real-world attacks provide valuable insights for food and beverage companies looking to strengthen their cybersecurity defenses and protect their operations from increasingly sophisticated threats.
Lesson 1: Proactive Threat Detection Is Critical
Real-time monitoring can catch threats before they spread through your network. The JBS incident began with a security breach in February 2021 but wasn’t detected until the ransomware activated in May. Early detection through 24/7 monitoring could have prevented the damage and the need for the costly ransom payment.
Lesson 2: Secure Your Operational Technology (OT) Systems
A strong demilitarized zone (DMZ) using one or more firewalls to prevent direct traffic from IT networks to industrial control networks provides a crucial layer of defense. Regular patching of known vulnerabilities, although potentially challenging, can be scheduled proactively around operational activities. Network segmentation and implementing zero-trust principles for OT systems are also vital best practices.
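The DMZ principle above can be checked against a firewall rule export. The following is an added example, not part of the original article: the zone addresses, rule names, and rule format are constructed assumptions, and the check also covers the reverse OT-to-IT direction, which goes slightly beyond the text.

```python
import ipaddress

# Constructed zone plan (assumption, not from the article).
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed firewall rules: (name, action, source, destination, dest port).
RULES = [
    ("it-to-historian", "allow", "10.10.0.0/16", "10.20.0.10/32", 443),
    ("historian-to-plc", "allow", "10.20.0.10/32", "10.30.5.0/24", 44818),
    ("vendor-shortcut", "allow", "10.10.7.25/32", "10.30.5.12/32", 3389),
    ("legacy-broad", "allow", "10.0.0.0/8", "10.30.0.0/16", 502),
    ("ot-to-it-block", "deny", "10.30.0.0/16", "10.10.0.0/16", 0),
    ("ot-file-share", "allow", "10.30.0.0/16", "10.10.4.0/24", 445),
]


def zones_touched(cidr):
    """Return the set of zone names that a CIDR range overlaps."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def direct_it_ot_rules(rules):
    """Flag allow rules that let IT and OT talk without crossing the DMZ.

    Conservative: rule order is ignored, so a rule shadowed by an earlier
    deny is still reported for review.
    """
    findings = []
    for name, action, src, dst, port in rules:
        if action != "allow":
            continue
        src_zones, dst_zones = zones_touched(src), zones_touched(dst)
        # Overlap, not exact match: a broad source such as 10.0.0.0/8
        # still contains the IT range and must be flagged.
        if "IT" in src_zones and "OT" in dst_zones:
            findings.append((name, "IT->OT", port))
        if "OT" in src_zones and "IT" in dst_zones:
            findings.append((name, "OT->IT", port))
    return findings
```

On the constructed rules, the audit flags the single-host RDP exception, the broad legacy Modbus rule, and the OT-to-IT file share, while the two flows that terminate in the DMZ pass.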
Lesson 3: Employee Awareness and Training Are Essential
Phishing emails and compromised credentials continue to be primary attack vectors. Training employees to recognize suspicious emails and follow proper security protocols can significantly reduce companies’ exposure to risk.
Lesson 4: Incident Response Plans Make a Difference
Companies with established incident response plans (IRPs) have the potential to recover faster and at less cost than those without such preparations.
A strong IRP should include:
- Clearly defined roles and responsibilities
- Specific timelines for different types of responses
- Detailed communication strategies for stakeholders
- Regular testing and updates of the plan
Proactive Steps to Mitigate Ransomware Risks
Taking action now can help food and beverage companies reduce their exposure to ransomware attacks and minimize the impact of any successful breaches.
Implement Multi-Layered Security Controls
No single security measure is sufficient. That’s why a comprehensive approach to security relies on multiple layers, including:
- Network segmentation between IT and OT systems
- Implementation of zero-trust security models
- Regular system patches and updates
- Multi-factor authentication for remote access
- Endpoint protection on all devices
Conduct Regular Cybersecurity Audits and Assessments
Regular security assessments help identify vulnerabilities before attackers can exploit them. Third-party audits, such as those provided by Xantrion’s security assessment services, provide an unbiased view of your security posture and can identify blind spots that internal teams might miss.
Backup and Recovery Best Practices
Experts generally recommend following the 3-2-1 rule of backup: maintain three complete copies of data, with two stored locally on different types of media and one stored offsite. For maximum protection, back up critical OT systems multiple times per day using automated systems with rapid recovery capabilities.
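The 3-2-1 rule as stated above can be verified automatically against a backup inventory. This is an added example, not part of the original article: the inventory records, field names, and the 12-hour freshness threshold (a stand-in for "multiple times per day") are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed backup inventory for one OT asset (assumption, not from the article).
NOW = datetime(2024, 6, 1, 12, 0)
INVENTORY = [
    {"id": "nas-snap", "site": "local", "media": "disk", "complete": True,
     "taken": NOW - timedelta(hours=3)},
    {"id": "san-replica", "site": "local", "media": "disk", "complete": True,
     "taken": NOW - timedelta(hours=5)},
    {"id": "tape-weekly", "site": "local", "media": "tape", "complete": False,
     "taken": NOW - timedelta(days=6)},
    {"id": "cloud-vault", "site": "offsite", "media": "object-storage",
     "complete": True, "taken": NOW - timedelta(hours=20)},
]


def check_3_2_1(copies, now, max_age=timedelta(hours=12)):
    """Return a list of 3-2-1 violations; an empty list means compliant.

    max_age is an assumed stand-in for "multiple times per day".
    """
    good = [c for c in copies if c["complete"]]  # partial copies do not count
    local = [c for c in good if c["site"] == "local"]
    offsite = [c for c in good if c["site"] == "offsite"]
    problems = []
    if len(good) < 3:
        problems.append("fewer than three complete copies")
    if len(local) < 2:
        problems.append("fewer than two complete local copies")
    elif len({c["media"] for c in local}) < 2:
        problems.append("local copies share one media type")
    if not offsite:
        problems.append("no complete offsite copy")
    if not good or now - max(c["taken"] for c in good) > max_age:
        problems.append("newest complete copy is older than max_age")
    return problems
```

The constructed inventory has three complete copies and an offsite copy, yet fails because both usable local copies sit on disk and the tape copy is incomplete.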
Why Partnering with Xantrion Strengthens Cyber Defenses
Our deep experience in cybersecurity for the food and beverage industry lets us tailor solutions to your specific needs.
Comprehensive Security Solutions for the Food & Beverage Industry
Xantrion provides end-to-end security solutions for food and beverage companies, paying particular attention to operational technology security and supply chain protection.
24/7 Threat Detection and Rapid Incident Response
Our round-the-clock monitoring services catch threats early, while our incident response team helps ensure rapid recovery when incidents occur.
Trusted Advisor for Compliance and Regulatory Requirements
We help food and beverage companies navigate complex regulatory requirements while maintaining robust security practices that protect against emerging threats. Our partnership helps companies avoid fines, legal exposure, and supply chain disruptions.
Protecting Food & Beverage from Ransomware
The incident of the Swiss farmer who lost his cow to ransomware serves as a grim reminder that cybersecurity isn’t just about protecting data. It’s also about protecting lives and livelihoods. However, even as threats to the food and beverage industry multiply, companies and individuals can stay ahead by learning from past attacks while implementing robust security measures. They can also partner with an experienced security provider such as Xantrion.