The food industry faces an uncertain future. Restaurants and prepared-food companies, food manufacturers, farmers and producers that survived the lockdowns of 2020 and 2021 are heading into a new world. Some of the competition has been removed, new players are entering the market and both tastes and consumer habits have changed. Take a look at our recipe for how food manufacturers can boost their internet of things (IoT) security in the midst of all those changes.
The food industry is more complex than most. In fact, it’s many industries: biotech, agriculture, manufacturing, logistics and retail. All these industries must work together securely for the entire process to result in food for the public.
While the larger food industry is gigantic — a multi-trillion dollar industry — food manufacturers tend to be smaller companies. Some three-quarters of the industry consists of companies with fewer than 20 employees.
Insecure food companies can result in a wider-than-average range of risks, including the hijacking of resources for other cyber attacks, breaking equipment to halt production, customer or business data theft, ransomware attacks and others. On top of these come the inherent risks of perishable products, which can affect human health and safety.
Why IoT Security in the Food Industry is Changing Fast
Every recipe has a history, like the memories and enjoyment your family might find during a meal. For IoT security in the food industry, the pandemic drove many changes. For example, it sped up the adoption of automation to minimize workers packed together in processing plants.
The pandemic also required many workers in the food industry to work remotely, further expanding the attack surface. These shifts create problems with IoT security and with other aspects of keeping threat actors out.
Many parts of this complex chain have embraced IoT security. In food processing and manufacturing, companies are melding information technology with operational technology — the IT/OT convergence. IoT devices are beneficial to farming, shipping, manufacturing and retail.
IoT Concerns for Restaurants
Restaurants felt one of the biggest impacts in the food industry. They were already open to attack because they use a large number of suppliers, partners and vendors and tend to have high employee turnover. While people still kept eating and drinking during the pandemic, they weren’t able to do so indoors. The restaurant industry got creative, offering home delivery, curbside pickup and other innovations. These changes involved a huge shift to internet-based or app-based digital payments, over in-store payments via credit card or cash. The old credit-card-in-the-vinyl-folder system for payments in American restaurants was never secure. But at least only local and known attackers (usually rogue employees) could use it. Online payments open up restaurant attacks to the entire world.
Many restaurants are embracing cloud data services, which can be more secure. However, they may not be investing in the expertise for managing cloud data security.
The longer-term trends in how food is produced also drive the recent change. Precision agriculture is the farming equivalent of enterprise digital transformation. The precision agriculture revolution brings together satellite data, IoT-based sensor data, mobile apps, GPS, drones and the cloud to lower costs, improve yields and drive efficiency.
What do all these changes have in common? They all involve an increase in the attack surface. IoT security needs to grow at the same rate.
A New World of Food Industry Threats
The food industry has its share of intrigue. For example, the Honey Authenticity Project estimates that one-third of the world’s honey supply is fake or modified as the result of a plague of ‘honey laundering’ in the global supply. Many people see more advanced tech as the solution.
But as the food industry grows more digital, so do the threats. Food processing is attractive as a target for ransomware. This is partly because of the short shelf life of food, and partly because of the damage to a business’ name. If buyers are uncertain about the safety of food products, business could be damaged in a big way. It’s also true that food companies tend to have lower margins and therefore less financial cushion against costly attacks and less budget for costly security staff.
The Trouble With Food Manufacturing Cybersecurity
In the world of manufacturing, generally, the most critical point of risk often comes at the level of the industrial control systems (ICS). This is where both manufacturing data breaches and shutdowns can occur.
One reason food processing is a target is outdated legacy ICS. Another problem is that managers often leave these systems to people who are experts in food manufacturing, but not in cybersecurity. Incorrect or lackluster software and firmware patching can cause openings in ICS, leading to zero day holes just waiting for an attacker to come along and exploit them.
Food can go bad and needs to be cooled or handled in special ways. Because of this, the entire chain needs to proceed quickly and without interruption. Production and manufacturing shutdowns can damage or destroy the business, ruin the product and make it unsafe for consumers. That harm cascades down to partners and suppliers.
New Tech Demands a New Emphasis on Safety
So, how do you update your IoT security in the food industry? Here’s the recipe:
- Conduct end-to-end cyber risk assessments, looking for systems that need to be updated regularly and making sure those updates happen.
- Connect and encourage openness between ops and IT to make sure everyone is on the same page.
- Boost cybersecurity awareness training for all processing and operations staff.
- Review all systems that attackers could access remotely and make sure they have secure protocols.
- Create or update your incident response plan.
- Review who has access and what the nature of that access is. Limit write access to only those who need it. Remove access altogether for anyone who doesn’t need it.
- Shut down connection points when no one is using them.
- Move away from legacy equipment with un-changeable passwords. Use good password management for the remaining systems.
- Acquire the expertise you need based on your actual platforms and systems. This is especially true when using the cloud.
- Embrace the right security tools, leveraging automation and intelligence, for your industry and needs.
- Make sure you can update all IoT tools and all software and keep them up to date.
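Several items in this recipe (remote access protocols, write access, un-changeable passwords, idle connection points, update status) can be checked mechanically against an asset inventory. The sketch below is an added example, not part of the original article; the inventory schema, device names, account names and policy thresholds are all assumptions made for illustration.

```python
from datetime import date

# Assumed policy values; tune them to the plant's own risk assessment.
INSECURE_PROTOCOLS = {"telnet", "ftp", "http", "modbus-tcp"}  # cleartext or unauthenticated
MAX_PATCH_AGE_DAYS = 180
MAX_IDLE_DAYS = 90

# Constructed sample inventory (hypothetical devices, accounts and field names).
INVENTORY = [
    {"name": "chiller-plc-01", "remote": True, "protocols": ["telnet", "modbus-tcp"],
     "password_changeable": False,
     "writers": {"ops-anna", "it-bob", "vendor-support"}, "need_write": {"ops-anna"},
     "last_patched": date(2019, 3, 1), "last_remote_use": date(2024, 1, 10)},
    {"name": "packaging-hmi-02", "remote": True, "protocols": ["https"],
     "password_changeable": True,
     "writers": {"ops-anna"}, "need_write": {"ops-anna"},
     "last_patched": date(2024, 5, 20), "last_remote_use": date(2024, 5, 30)},
    {"name": "cold-store-sensor-07", "remote": False, "protocols": ["http"],
     "password_changeable": True,
     "writers": set(), "need_write": set(),
     "last_patched": date(2023, 1, 1), "last_remote_use": None},
]

def audit_device(dev, today):
    """Return (code, detail) findings for one inventory entry."""
    findings = []
    if dev["remote"]:
        # Remotely reachable systems must use secure protocols.
        weak = sorted(INSECURE_PROTOCOLS & set(dev["protocols"]))
        if weak:
            findings.append(("insecure-remote-protocol", ", ".join(weak)))
        # Connection points nobody uses should be shut down.
        idle = (today - dev["last_remote_use"]).days
        if idle > MAX_IDLE_DAYS:
            findings.append(("idle-connection-point", f"unused for {idle} days"))
    if not dev["password_changeable"]:
        findings.append(("fixed-password", "legacy device, plan replacement"))
    # Write access beyond the accounts that need it.
    excess = sorted(dev["writers"] - dev["need_write"])
    if excess:
        findings.append(("excess-write-access", ", ".join(excess)))
    age = (today - dev["last_patched"]).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(("stale-firmware", f"last patched {age} days ago"))
    return findings

def audit(inventory, today):
    return {dev["name"]: audit_device(dev, today) for dev in inventory}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        print(name, findings or "no findings")
```

A device that is not remotely reachable is skipped by the protocol and idle checks but is still checked for password, access and patch status.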
The food industry finds itself in a new world of challenges and risks, but also opportunities. Leaders in the food industry can realize these opportunities by embracing not only the technologies that will drive efficiency, higher margins and consumer safety, but also the technologies and practices that will safeguard food operations against IoT security problems and cyberattacks.
I write a popular weekly column for Computerworld, contribute news analysis pieces for Fast Company, and also write special features, columns and think piece...