The food industry is both at high risk of and unprepared for a cybersecurity incident, according to a new report from the Food Protection and Defense Institute (FPDI) at the University of Minnesota.
The report suggests that food companies that haven’t taken the steps to protect themselves should do so now, as the industry could be a new and relatively easy target for hackers. “The food industry has not been a target of costly cyberattacks like financial, energy, and health care companies have,” lead author Stephen Streng said in a press release. “However, as companies in those sectors learn to harden their defenses, the attackers will begin looking for easier victims.”
The report identifies several reasons the food industry is behind when it comes to addressing cyber risk. The most significant factor is the legacy technologies, particularly the older industrial control systems (ICSs), commonly used in food processing and manufacturing.
In many food plants, the hardware and software used to run the machinery was developed and implemented in the 1990s and 2000s. The problem with these older systems is that they aren’t compatible with current cybersecurity best practices, making them highly vulnerable to attack. The report cites the examples of hard-coded passwords, which represent a major security risk for ICS components, as well as custom-written code that only runs on outdated, insecure operating systems.
Other factors contributing to the high level of risk include:
While the food industry hasn’t yet had any major cybersecurity incidents, the report suggests that they’re likely coming. As Streng mentioned above, the industries that have been the most frequent victims — financial, energy, and healthcare — have learned to better protect themselves. Hackers may see the food industry as low-hanging fruit.
In addition, the authors note that “transnational criminal organizations (TCOs) are heavily involved in large-scale food-related crimes such as counterfeiting, economically motivated adulteration, theft and resale, and smuggling,” and that “food and beverage routinely ranks as the first- or second-most stolen product category via cargo theft.” Cyberattacks could be used to steal information to facilitate all of these crimes.
FPDI recommends food companies take these five steps to identify and mitigate their risk:
For more information and resources, read the full report.
By Krista Garver
Source: Food Industry Executive
A new wave of brands is emerging that promotes indulgence and rejects the notion of sacrifice. Low-maintenance “hangover” beauty products are designed to address the effects of late nights and partying without judgment or hassle, and even include cosmetics that are formulated in a way that means you can fall asleep in your makeup without feeling guilty.
The pilot will allow the company to scale circular packaging in about 18 markets over the next three years, an approach that jumps on the success of similar efforts in the company’s Indonesia ecoSPIRITS program, which launched in 2022 and is active in 38 bars.
Unilever’s focus on purpose across its brands has been a source of criticism from some of its investors. Its new CEO Hein Schumacher says the company now recognises there are some brands where the concept is simply not relevant.