Packaging Digest is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Why Cybersecurity is a Major Concern for Food Firms in 2022

Image courtesy of Prostock-studio / Alamy Stock Photo 2A5K4BK.jpg
Cybersecurity issues are likely top of mind for food and beverage manufacturers entering 2022. Representative image.
Powder & Bulk Solids highlights the most notable food and beverage manufacturing cybersecurity indicants in 2021.

Imagine showing up for work at a food processing plant and finding out that you and all the other staff preparing to start the shift have been locked outside by a group of hackers. While this sounds like the dystopian fare of the show “Black Mirror,” this exact scenario occurred last October at a Schreiber Foods yogurt plant in Richland Center, WI.

While these risks are not new, cyber security became a major topic in the food and beverage industry last year after a series of digital attacks against US firms. Meat processor JBS paid out an $11 million ransom after its operations in North America and were shut down in a hack in May 2021. A Federal Bureau of Investigation (FBI) notice issued in September alerted food and agricultural businesses that cyber criminals are carrying out ransomware attacks against companies in the sector.

“As the sector moves to adopt more smart technologies and Internet of Things (IoT) processes the attack surface increases,” the FBI warned. “Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes.”

At the start of 2022, these issues are likely to remain top of mind for operators of food and beverage processing plants. 40% of consumer products industry executives recently surveyed by Deloitte say their companies plan to make significant investments to improve consumer data privacy and cybersecurity in 2022. Another 45% of executives indicated they will inject moderate investments in those areas this year. To provide a view of how the industry is responding to these ongoing threats, Powder & Bulk Solids highlights several major cyber incidents that impacted food and beverage firms in 2021.

Molson Coors
March 2021

Beverage manufacturer Molson Coors faced a “cybersecurity incident” in March 2021 that caused a “systems outage,” according to a document filed with the US Securities and Exchange Commission (SEC).

“We engaged leading forensic information technology firms and legal counsel to assist our investigation into the incident and we restored our systems after working to get the systems back up as quickly as possible,” the company wrote in the filing. “Despite these actions, we experienced some delays and disruptions to our business, including brewery operations, production, and shipments. This incident caused us to not produce or ship as much as we would have in the first quarter of 2021.”

Image courtesy of Jim West / Alamy Stock PhotoF1NA2K.jpg

The Coors Brewery in Golden, CO.

The document states that Molson Coors spent $2 million on consultants and experts, as well as data recovery, as it was responding to the attack.

“A US Bakery Company”
July 2021

An unidentified “US bakery company” suffered an ransomware attack last July that interrupted its operations for one week as the firm could not access its server, files, or applications, the FBI detailed in its notice on cyberthreats in the food and agriculture space.

The agency said the hack was the result of “a result of Sodinokibi/REvil ransomware which was deployed through software used by an IT support managed service provider (MSP).”

No information was available on how the incident was resolved. Later in the year, the US Department of Justice charged two Ukrainian citizens with carrying out Sodinokibi/REvil ransomware attacks on businesses and government entities in Texas in 2019. Officials were able to recover $6.1 million linked to alleged ransom payouts.

Ferrera
October 2021

A ransomware attack bore down on confectionery firm Ferrara – the maker of popular US candy brands like SweeTarts and Nerds – in early October ahead of the busy Halloween season.

Cyber criminals encrypted Ferrara’s computer system on October 9 and asked the company to pay a ransom, The Hill reported. The company told the publication that they immediately initiated efforts to “secure all systems and commence an investigation” on the incident.

The hackers apparently disrupted Ferrara’s operations for several weeks.

Image courtesy of Roberto Herrett / Alamy Stock PhotoMFE557.jpg

Hackers disrupted production and distribution of Ferrera's candy brands, including Nerds, in the lead up to Halloween 2021. Representative image.

“We have resumed production in select manufacturing facilities, and we are shipping from all of our distribution centers across the country, near to capacity. We are also now working to process all orders in our queue,” the company said in a Tech Times article published on October 21. “We want to assure customers that Ferrara’s Halloween products are on shelves at retailers across the country ahead of the holiday.”

It is unclear if Ferrara paid the requested ransom or not.  

Schreiber Foods
October 2021

A “cyber event” temporarily halted operations at all of Schreiber Foods’ dairy processing plants and warehouses last October.

“We have a specialized response team that immediately jumped into action and began to resolve the matter,” Andrew Tobisch, director of communications for the Green Bay, WI-based firm, told ABC News affiliate WBAY. The attack shut down systems used by Schreiber Foods to operate its production facilities and warehouses.

Image courtesy of Kristoffer Tripplaar / Alamy Stock PhotoSchreiber_foods_facility_sign.jpg

A logo sign outside of a facility occupied by Schreiber Foods Inc., in Shippensburg, PA on July 30, 2017. Representative image.

The hackers reputedly sought a $2.5 million ransom from the firm, Wisconsin State Farmer reported. The incident stopped production, shipments, and milk deliveries at its facilities for five days, a company spokesperson said to the publication. Bloomberg noted in a report that the attack on Schreiber Foods’ operations also contributed to a nationwide shortage of cream cheese toward the end of 2021.

How Do Food and Beverage Operations Proceed in 2022?

As food and beverage manufacturers look to improve their assets with advanced connected technologies, companies will have to find ways to move closer to Industry 4.0, while balancing security risks.

Cyberattacks will remain a threat in the business landscape for some time to come. Large and small companies need to take proactive steps to safeguard their operations to ensure that service to customers remains at optimal levels.

As we have seen through the examples above, many food and beverage players are developing their own resources to respond to cyber incidents or seeking help from third-party consultants.

Hide comments
account-default-image

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Generations-3-AdobeStock_241450594-72dpi_0
Multigenerational Workforce

In today’s workplace, five generations are actively employed. In this free ebook, learn how to leverage the strengths of each generation in your packaging department.

Generations-3-AdobeStock_241450594-72dpi_0