In June 2021, JBS Foods, which provides one-fifth of the nation’s beef supply, reported that it had paid $11 million after a ransomware attack temporarily shut down JBS’s five-largest beef processing plants in the U.S.1
It was perhaps the most notable cybercrime against food processors — or at least, the one that was made public. It goes without saying that ransomware and other cyberattacks threaten the viability of any food production facility. Not only is there a financial or data loss, but any interruption in food production can lead to food safety issues and waste — not to mention lost customers and revenues.
Making a cybersecurity plan
Food processors must focus on increasing their cyber security to reduce risk to its business and to the wider industry. Here are steps to help improve security and help food processors protect themselves against a devastating cyberattack and how to recover in case of a successful incursion:
- Assess overall cybersecurity. Food production is highly automated and data driven. Recent attacks on food processors have revealed the risk in that approach. With every part of a food company’s production system traced, tracked and verified electronically, outdated software and systems practically invite bad actors to step in.
- Control access and implement multifactor authentication. Employees should only have access to the parts of the network they need to do their jobs. Multifactor authentication and encryption should be mandatory to minimize unauthorized access and passwords being compromised.
- Automate vigilance. An emerging technology, endpoint detection and response can help address continuous monitoring and response to advance threats. In addition, an automated security protocol can kick people engaging in unusual activity off the network. Other automated vigilance includes spam filters, website blockers and an application list to prevent the installation of unauthorized software.
- Train the workforce. Human error is still the greatest source of hacker infiltration. Remind employees to take precautions and reiterate key security training concepts. It’s also important to respond to any security incidents promptly.
- Back up data and test the system. Scanning across the entire network infrastructure, including databases, is critical. If a cyberattack occurs, quick access to data is key to overcoming the issue. Have data redundancy plans in place, such as a production copy, a local copy and a cloud-based copy. However, remember that data doesn’t always get properly backed up or is not always immediately available after a cyberattack: JBS had the backup and controls in place but couldn’t restore operations right away.2
- Prepare incident response plans. Incident response plans should define the meaning of an “incident,” as well as the people in charge of activating those plans. A response plan should include the names of key stakeholders and what their role is in the event of a breach. Plans also must have guidelines for notifying these stakeholders and include a cyber policy that details how to offset costs and allocate resources post-breach.
- Offload cyber risk when possible. Minimizing cyber incidents and their negative effects entails in-house management protocols. However, cyber insurance helps transfer that risk to a third party. Cyber insurance is expensive, and nearly impossible to procure without multifactor authentication or endpoint detection. Remember that cyber insurance is part of an overall risk management plan, not the risk management plan itself.
Contact HUB’s Food and Agribusiness experts for more information on best practices for risk management and cyber coverage for your food business.
1 CNET, “JBS paid $11M in Bitcoin to resolve ransomware attack,” June 10, 2021.
2 CNET, “Ransomware rises as a national security threat as bigger targets fall,” October 18, 2021.