A proactive approach to thwart cybersecurity attacks

The prospect of cybercrime remains a never-ending, and increasingly dangerous, threat to dairy processors.

Ongoing increases in the number and sophistication of attacks are making it vital for processors to repeatedly scrutinize and upgrade their defense mechanisms, analysts state.

“Cyberattacks are continually on the rise,” says Corey Smith, information systems support technician for the Stellar Group, a Jacksonville, Fla.-based provider of design and construction services. “As more processors digitize data, there is a greater risk that the data can fall into the hands of bad actors. Processors must be vigilant and establish preventive protocols as companies of all sizes can be vulnerable.”

Indeed, dairy processors are facing more cyberthreats and risks than ever before, says Tony Giles, director of information security, NSF-International Strategic Registrations, for NSF, an Ann Arbor, Mich.-based provider of testing, inspection, certification, and advisory services and digital solutions. Attackers are focusing more on critical infrastructures, leading to threats of food tampering and hacks into processing, transportation and storage systems that can result in food spoilage and, consequently, food poisoning and shortages, he states.

“The perishable nature of dairy products demands strict adherence to production schedules, making any disruptions caused by cyberattacks particularly impactful,” says Maria Mascaraque, research industry manager for Euromonitor International, a London-based market research firm. “The complex machinery and systems used by dairy processors may be vulnerable to cyberthreats, necessitating specialized cybersecurity measures, which could involve engaging third-party security experts or developing in-house expertise.”

Bad actors frequently use ransomware, a type of malicious software that can block access to computer systems, to obtain high payments from processors, Giles says. “A breach in information security also can impact a business and its operations through leaked confidential client information, formulations and recipes, and sensitive employee data,” he states.

Attackers typically focus on payments rather than malicious intent, notes Tim Barthel, executive vice president of Cybertrol Engineering, a Minneapolis-based control and information system integration firm and a member of the Chicago-based Control System Integrators Association. “In most cases, it is people looking for a quick payout from a few hundred thousand to a few million dollars, which is enough to make a quick profit, but not enough to garner attention by the authorities looking for the extreme threats against government or other types of industrial entities,” he states.

Much to lose

Because dairy plants are critical infrastructures, any disruption to operations can have “devastating” consequences as contamination and supply chain disruptions, Barthel says.

“As a highly regulated industry, there is additional pressure on dairy processors to secure their networks against cyberthreats, which can result in regulatory penalties and loss of compliance certifications,” he notes.

Cybercriminals often target a production facility’s pivotal areas, such as supervisory control and data acquisition (SCADA) systems, manufacturing equipment and inventory management systems, Barthel says. “By encrypting or locking down these systems with ransomware, cybercriminals can effectively shut down production, leading to costly downtime and potential losses,” he states.

After infiltrating networks and encrypting critical systems, cybercriminals can demand ransom payments in exchange for decryption keys or the promise to restore access to the affected systems. “Even if a processor decides to pay the ransom to regain access, the financial and reputational consequences can be long-lasting,” Barthel notes.

Shutting down production by making the HMI/SCADA system unviewable is a much more typical occurrence in the food and dairy industries than one might think, Barthel states. By forcing a shutdown of activity and the loss of revenue, processors are often willing to quickly pay off intruders to get the hijacked systems running again, he asserts.

Though more dairy processors are prioritizing cybersecurity, many still have gaps or lack the infrastructure to adequately protect their operations, Smith says. “Just as technology is evolving, cybersecurity threats are also constantly changing.”

The most vulnerable operators lack the necessary prevention expertise and resources, particularly if they’re using legacy systems and equipment that lack the necessary security controls and are difficult to update.

Don’t fall into the “security through obscurity” trap

The preponderance of small- and medium-sized processors that outsource technology management are particularly open to cyberattacks, reports the Food Protection and Defense Institute (FPDI), a University of Minnesota-based organization that focuses on protecting the global food supply through research, education and the delivery of innovative solutions.

“This almost always involves third-party remote access, which introduces severe vulnerability,” the FPDI states. “Further, these risks can be passed up the supply chain, even to larger companies who manage their own technology infrastructure. It may be tempting for small businesses to think there’s safety in their size, but unfortunately, ‘security through obscurity’ doesn’t work.”

Many dairy company leaders also are unaware of cyber risks and threats, especially to control systems, the FPDI reports, adding that “unfortunately, it can be hard to make the business case for adequately funding cybersecurity because the examples and data required to demonstrate the threats and quantify the consequences are difficult to acquire or are unavailable.”

A major issue is the use of antiquated technology, Barthel says, noting that systems running older revisions of software on unsupported Microsoft platforms are vulnerable. In addition, the presence of back-door connections for remote support that allow vendors to log in can create unknown entry points into a system. Therefore, operators should upgrade equipment after analyzing a facility’s industrial network, plant floor controls, and servers running a SCADA system.

While threats typically come from individuals or groups trying to exploit organizations for financial gain, “hacktivist” groups pushing their ideological goals and competitors trying to gain an edge also pose risks, Smith says. “It could even be someone trying to launch a cyberattack just to say they were able to get in,” he notes.

The use of malicious software, or malware, can enable hackers to steal data and/or destroy computers and computer systems, while other potential dangers include supply chain attacks targeting third-party vendors and insider threats from disgruntled employees or contractors.

Be proactive about protection

Dairy processors can protect their operations by implementing robust cybersecurity protocols and best practices, including regular software updates, strong password policies, and training employees to recognize and respond to cyberthreats, Smith says.

“Employees are the first line of defense for processing facilities,” he explains. “Companies can inform staffers of their integral role in data security and teach them to be cautious of phishing and malware,” which can include implementing tests to create “real-life” scenarios and understanding.

Smith explains that cybersecurity attacks can begin with phishing, or the fraudulent practice of sending e-mails or other messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords.

Operators can also deploy intrusion detection and prevention systems to monitor network traffic for suspicious activity; segment networks to limit a breach's impact and prevent attackers’ lateral movement; conduct regular risk assessments and penetration testing to identify vulnerabilities and prioritize security measures; and establish incident response plans to contain and mitigate the impact of cyber events quickly, Smith says.

Dairy processors should further prioritize such cybersecurity best practices as regular patching and updating software; standardizing access controls; enhancing authentication and authorization; and implementing robust backup and recovery procedures to minimize the impact of ransomware incidents, Barthel states.

While enhancing security might be time-consuming and expensive, it can lead to both immediate and long-term financial savings, Giles says. There is a $1.76 million average annual savings for organizations that protect systems with security artificial intelligence (AI) and extensive automation, Armonk, N.Y.-based IBM Corp. reports, adding that 82% of breaches involve data that organizations store in the cloud.

Cloud storage allows users to save data and files in an off-site location that is accessible via the public internet or a dedicated private network connection. IBM states that companies should seek solutions that provide visibility across hybrid environments and protect data as it moves across clouds, databases, apps and services.

In addition, processors must be cognizant of a plant’s physical security as hackers can breach locations and gain access to computers and data by “tailgating,” or following an employee into a secured area without a badge, Giles notes.

“This is not only a risk to data but also to the products being manufactured and handled,” he states. “Employees must know about such risks and be sure to stay alert and lock physical and digital areas storing sensitive information and materials.”

A company-wide push

A strong organizational focus on managing cyberthreats can generate major returns, reports Gartner Inc., a Stamford, Conn.-based technological research and consulting firm. The company projects that organizations that prioritize their security investments based on a continuous threat exposure management program will realize a two-thirds reduction in breaches by 2026.

“Increased focus on the human elements of security programs continues to show significant promise in the mission to minimize the impact of employees’ unsecure behavior,” Gartner states. “It can also provide greater assurance when experimenting with emerging technologies in democratized digital environments.”

Gartner concurs that investment in effective risk management of third-party services and software; enhanced security for the identity fabric; and continuous monitoring of hybrid digital environments can harden an organization’s attack surface and strengthen its resilience.

“Security and risk management leaders face disruptions on multiple fronts: technological, organizational and human,” Gartner concludes. “Preparation and pragmatic execution are vital to address these disruptions and deliver an effective cybersecurity program.” DF