How Hackers Target Our Most Critical Industry
Our lives depend on the food and agriculture industry. It’s a vital part of our Critical National Infrastructure (CNI), and has huge financial value, contributing $1.055 trillion to the US GDP in 2020 (a 5% share). But hackers see the world’s dependence on food and agriculture as an opportunity to target the industry with cyberattacks to achieve either financial gain or social disruption. With this critical sector relying increasingly on digital systems and the interdependent nature of the world’s food supply chain, the entire industry should be protected with modern cyber defenses.
An influx of ransomware attacks
In May 2021 the world’s largest meat processing company, JBS Foods, was the victim of a cyberattack that sent shock waves across the industry. The attack was confirmed to be an instance of ransomware – one of the most prominent attacks on CNI. The attack halted operations at 13 meat plants around the world, triggering a huge supply and demand imbalance resulting in soaring meat prices across the US and forcing JBS to pay an $11 million ransom.
Other recent cyber attacks on the industry include a ransomware attack on JFC International, a major wholesaler of Asian food products, and a data leak of non-profit food provider Loaves and Fishes, originally stemming from a ransomware attack on a partner. And in 2021, Ransomware-as-a-Service gang BlackMatter attempted to extort $5.9m from farming collective The New Cooperative at the height of the harvest season, a critical time for the industry.
Smart farming
The future of the food and agriculture industry will increasingly leverage the use of automation and connected systems to monitor land, treat crops, maximize yield, and minimize disease among livestock. The smart farming market is expected to grow to $26 billion by 2028 as farms and distributors increase their use of drones, GPS mapping, soil sensors, autonomous tractors, and other IoT devices.
But as with smart manufacturing, smart farming gives attackers more opportunities to exploit misconfigurations, out-of-date firmware, or inherent vulnerabilities from small footprints, enabling them to take control of networks for sabotage or hold data to ransom.
A fragile supply chain
The world’s food supply chain is dominated by a relatively small number of large food companies, many of which are interdependent. Therefore, any attacks that expose customer and client data, or cause production downtime, reverberate along the supply chain. Retail stores and restaurants need an easily accessible and reliable source of food products, and any disruption can result in price spikes or shortages.
As a result, shutting down any of the major food production or distribution businesses puts the industry in an intolerable condition, providing cybercriminals with a clear advantage. To avoid industry turmoil, businesses are more likely to pay a ransom, and pay it quickly, to get their systems back up and running.
These risks are exacerbated by the fact that cybersecurity specialists are scarce across all industries, with the size of the workforce now 65% below what it needs to be. This lack of fully and regularly trained professionals in the industry can lead to poor security practices along the supply chain. And with email now a key attack vector for malware, including ransomware, it’s increasingly important for farmers, manufacturers, and distributors of all sizes to better educate their staff or outsource their security to a trusted partner.
Shielding the food and agriculture industry
For the food and agriculture industry to avoid serious industry disruption, remediation fees, non-compliance fines, IP theft, and reputational damage, organizations need a solution that offers powerful but fully-managed cyber protection. Centripetal’s CleanINTERNET service delivers just this, working at massive scale and machine speed to proactively shield organizations from 99% of known cyber threats. Our service works by aggregating over 5 billion global indicators of compromise (IOCs) from more than 3,500 feeds to automatically analyze and act on all inbound and outbound traffic in real-time. This takes the weight off your internal security team, helps meet compliance standards, and saves millions of dollars on separate cyber threat feeds. By providing superior protection against all known threats, our service creates a Zero Trust environment for food and agriculture businesses, building a stronger defense against threats like ransomware, phishing, advanced persistent threats, and supply chain attacks.
Find out more about CleanINTERNET, and its applications in the food and agriculture industry, by getting in touch with the Centripetal team.