A new report released by the University of Minnesota’s Food Protection and Defense Institute warns that the food industry is vulnerable to cyberattacks, suggesting that food companies need to beef up their security and IT systems. According to the report, “Adulterating More Than Food: The Cyber Risk to Food Processing and Manufacturing”, the systems that food companies use for processing and manufacturing could be the most vulnerable and as such, serve as an attractive target for an attack—especially as industries that are currently common targets improve their cybersecurity.
“The food industry has not been a target of costly cyberattacks like financial, energy, and health care companies have,” said Stephen Streng, lead author of the FPDI report, in a news release. “However, as companies in those sectors learn to harden their defenses, the attackers will begin looking for easier victims. This report can help food companies learn about what could be coming their way and how to begin protecting themselves.”
The report calls out that in 2011, researchers and manufacturers found more than 200 vulnerabilities in industrial control systems. In addition to the fact that these vulnerabilities are in many components from different vendors, many of these systems have obsolete operating systems and passwords that are easy to hack. Compounding this issue, “Companies often lack knowledge about how their industrial control systems and IT systems interact and lack awareness about cyber risks and threats,” the FPDI release notes.
And if you’re a small company, don’t think you’re immune, the report cautions. It cites that 74% of U.S. food manufacturers have fewer than 20 employees—yet software company Symantec Corp. points out that small companies have been targeted as often, or sometimes even more, than large companies.
How can food companies address this risk? The report recommends the following “critical” steps all companies should take:
- Bridge the gap and facilitate more communication between OT (operational technology) and IT (information technology) personnel
- Conduct risk assessments of inventory control systems and IT systems
- Ensure that staff with the cybersecurity knowledge is involved in procuring and deploying inventory control system devices
- Incorporate cybersecurity into your food safety and food defense culture.
FPDI’s full report is available on the organization’s website.