The food and beverage industry is just as vulnerable as any other industry when it comes to threats of cybercrime.  Carrie Straka writes in Cybersecurity in Food that, “the food and beverage industry is as susceptible to cybersecurity threats and attacks as any other industry. The need to secure corporate private networks and intellectual property is at an all-time high, as is the need to protect the food supply.”

And yet, despite these words and the overwhelming focus placed on cyber security in the media today, the United States Food and drug Administration (FDA) has not yet really been overly concerned about food safety and the potential for a cyber disaster.

For now, the more obvious worry over contaminated products occupies much more of the FDA agenda, but as the pace of automation continues to escalate, so does the possibility of dangerous challenges.  The most common security concerns cover areas such as theft, data corruption or loss, public exposure and data manipulation. While the threat of theft is relatively low, data corruption – particularly concerning proprietary formulas or processes – can be problematic as is public exposure.  It is therefore critical that food is protected and that incidences of food recall are kept to a minimum.

As time passes, more threats will loom – and the risk to those in the food and beverage arena is not limited to financial ruin.

In professional services firms or financial institutions, or other industry sectors, hackers most often seek access to confidential data, personal contact information, credit card details, and other similar records and details. But that is not the only type of cybercrime that can wreak havoc in our communities.  The typical lack of security policies and staff training, along with outdated systems, insecure remote access, and ineffective firewalls can put the food and beverage industry equally at risk as the other sectors that are struggling to control cyberattacks. While this industry has been slow to react, there is a quickly growing awareness that cyber security problems lurk just around the corner.

In fact, in an article entitled, Cyber Security and Disaster Recovery in the Food and Beverage Industry published by assetguarddian.com, the author warns that the food and beverage sector is “the most targeted for cyber security attacks right after the retail sector.”

There are many different ways that cybercrime can impact the food and beverage industry beyond data breaches and compromised customer records. These are critical causes for worry, but there are other considerations as well that are  more unique to food and beverage. For example, the instances of ‘agroterrorism’ may increase. This situation occurs when hackers irradiate or contaminate food by taking control over automated systems and creating a subsequent uproar among the population. Hackers with access to a country’s food supply can insert poisons, shut down refrigeration systems, disrupt chemical facilities, or even attack the water supply – all resulting in extraordinary danger that can lead to disruption or even death. So interest in having control over the food and beverage industry is gaining momentum as hackers are recognizing the power of taking over the technology systems that support the food and beverage industry just as they have done in other industries. As the industry continues to rely on automation to assure that all food and beverages are fresh and safe, the possibility of hackers corrupting that automated technology grows exponentially – putting the industry at risk.  

That’s a big statement – and one that should not be overlooked. All businesses are significantly impacted if they become the victim of a cyberattack. It is difficult to truly understand the scope   of the situation as they are forced to grapple with regaining customer confidence, dealing with the impact of work stoppage, and managing the extreme cost of the resulting spoilage that can occur when the inventory that is infected is comprised of perishable food items.    

Those who are responsible for food safety and other vulnerable aspects of the food and beverage industry should develop the updated systems necessary, while always preparing for inevitable technology changes. Along with effective systems, the industry leaders need to have a document recovery plan in the event that the food and beverage industry suffers a devastating blow. The strategy for combatting cybercrime for food and beverage is much like the process in other industries. To mitigate or minimize risk, key steps should be taken – including identifying areas of potential risk, training the staff to be alert and vigilant, and having a current recovery and response plan ready for any foreseeable circumstance.

Conatct Dave Capodanno at david.capodanno@sobelcollc.com if you have any questions regarding this blog.

Dave Capodanno, SobelCo

Articles researched for this blog include the following:

“Cyber Security Threats to the Food Industry: Consider the Cloud.” Roger Woehl. CTO, SafetyChain Software.

Cyber Security and Disaster Recovery in the Food and Beverage Industry.” www.assetguardian.com/Blog

Cybersecurity in Food. Carrie Straka.

About the Author

Dave Capodanno is a Member of the Firm in the Assurance Practice at SobelCo. He brings a depth of experience to the firm’s clients, especially those in manufacturing and distribution, food + beverage, logistics, real estate, and insurance brokers, along with his specialized expertise with employee benefit plan audits. His goal is to consistently provide excellent client service tailored to each company’s needs while considering the unique challenges and opportunities of closely-held business...