Increased digital transformation and connectivity, driven by the need for remote collaboration, took many companies to new heights of operational productivity and profitability in 2020. The transition to remote work prompted organizations to take precautions by connecting facilities and updating their security protocols to ensure greater visibility without compromising service levels. However, greater connectivity brings greater exposure to attack vectors if security is not properly implemented. For food and beverage companies in particular, a cyberattack on one part of the network could negatively impact the entire supply chain, with consequences trickling all the way down to the consumer.
Five years ago, the food and beverage industry began investing in operational technology (OT) cybersecurity initiatives. This was due to a number of variables, including the fact that the industry was regulated less than others such as oil and gas or utilities. Its networks were also flat, with less segmentation, so they were more likely to suffer cyberattacks, which created the opportunity for viruses to leak from IT to OT networks. As the threat to these environments grew, so did the need for a rigorous cybersecurity strategy.
Companies with digitally enabled supply chains quickly pivoted to meet shifts and surges in demand during the pandemic. Companies that typically lag behind from a cybersecurity perspective are beginning to accelerate digitalization projects and integrate their IT and OT security in their manufacturing environments. The convergence of IT and OT networks unlocks business value, but it also can give rise to new risks.
The threat -- challenges facing the industry
Cybersecurity is particularly crucial in the food and beverage industry, as adversaries can infiltrate networks that impact the entire supply chain. The industry is susceptible to both targeted and non-targeted attacks, although traditionally the industry has felt the impact of multiple large-scale, non-targeted (indirect) malware attacks.
A malware attack on OT networks can be costly, disrupting or stopping production while creating safety and compliance issues. Malware targeting OT networks has grown increasingly prevalent; these networks house valuable data, which makes them an attractive target.
Ransomware has evolved from hyper-targeted attacks affecting a single device to attacks on entire systems, with ransom demands running into the millions. Take WannaCry, for example, the ransomware attack that spread rapidly through several computer networks in 2017 and demanded ransom in bitcoin. These were traditional IT attacks that leaked into OT environments, affecting more than one food and beverage company.
Another risk comes from external vendors that remotely access plants’ OT networks to service machinery, which is especially common now with social distancing guidelines in place due to the coronavirus disease (COVID-19). This exposes the systems and controllers on the shop floor to potential compromise if the authorized party’s systems are infected with malware, their access credentials are stolen or they don’t maintain sufficient security hygiene.
Smaller companies at greater risk of cyberattacks
Larger food and beverage companies are typically better equipped to take the proper steps to secure their facilities, likely due to budget and resourcing. Much of what is secured today would be identified as “last-mile manufacturers,” the actual product producers. Smaller, local facilities are less likely to have a comprehensive cybersecurity strategy in place, which is more of a concern because these producers play an equally important part in this process. Risks exist up and down a connected supply chain, whether at the producer of raw materials or the producer of the final product, and this must be considered.
Take, for example, a global chocolate company that sells candy bars. When looking at potential threats, a company needs to look not only at the manufacturer of the final product, the chocolate bar, but also at the other manufacturers that provide materials or ingredients to make the product. This includes everything from the milk and cocoa production facilities to the manufacturers that provide the wrapping and packaging.
Secure remote access key in protecting food and beverage companies
Enabling remote access to the shop floor creates both opportunities and challenges. Connecting the shop floor to the internet increases the cyber threats to this environment, potentially allowing targeted and non-targeted threats to transfer from IT to OT networks.
In today’s agile work environment, third-party consultants or vendors need access to the systems to perform certain activities, whether this is maintenance, device control, analytics or even help in responding to or mitigating a risk or a vulnerability. This requires remote access, but only to that specific vendor’s equipment, so supplying granular access is vital. Every user needs a separate account, with completely different permissions and audit capabilities. In addition, many third-party vendors provide their services or products to a range of other companies, connecting these networks further. This grows into a dense spider web of connections. A company should be concerned not only about the spider, but about everywhere the web touches.
Secure remote access (SRA) ensures that even if a third party is connected to machinery in a manufacturing plant, they can’t influence other networks while performing maintenance. This means that even if one vendor was compromised by malware, for example, that malware could not infect the other vendors it connects to. These vendors only have permissions to connect to the specific operation to which they need access. In an increasingly remote world, this capability is key to creating a secure environment across all food and beverage companies.
Mitigating risk in food and beverage
Digitalization is here to stay, but it must be done securely. This means first eliminating blind spots in order to see threats clearly. Knowing an organization’s asset list, detecting where potential risk and attack vectors might be, and addressing this within an OT environment is crucial. To do so, a company must ensure seamless integration between its remote access solution and its monitoring solution to help identify and take action against the earliest indicators of a threat.
Robust audit controls are also necessary to view who is accessing networks. These include continuous monitoring of all remote connections, privileged access control, multi-factor authentication (MFA) and consistent audit and compliance. Additionally, threat forensics empowers a team to identify the entire sequence of an attack event, providing a complete view across the enterprise and OT control networks. In today’s digital-first environment, understanding the cybersecurity threats and gaining full visibility into networks is key to increasing efficiency and limiting operational disruption.
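The granular vendor access described under secure remote access and the audit controls listed above can be checked against remote session records. The following is an added example, not code from the article or from any remote access product; the account names, asset names, record fields and addresses are constructed, and treating several source addresses on one account as a sign of sharing is an assumption.

```python
from collections import defaultdict

# Constructed policy (hypothetical names): OT assets each vendor user may reach.
VENDOR_SCOPE = {
    "acme-packaging/j.doe": {"wrapper-plc-01", "wrapper-hmi-01"},
    "acme-packaging/m.lee": {"wrapper-plc-01"},
    "coolchain/svc": {"chiller-plc-07"},
}

# Constructed session records; the field names are assumptions, not a real log format.
SESSIONS = [
    {"account": "acme-packaging/j.doe", "asset": "wrapper-plc-01", "mfa": True, "src": "198.51.100.10"},
    {"account": "acme-packaging/m.lee", "asset": "mixer-plc-03", "mfa": True, "src": "198.51.100.11"},
    {"account": "coolchain/svc", "asset": "chiller-plc-07", "mfa": False, "src": "203.0.113.5"},
    {"account": "coolchain/svc", "asset": "chiller-plc-07", "mfa": True, "src": "203.0.113.77"},
    {"account": "oldvendor/admin", "asset": "wrapper-hmi-01", "mfa": True, "src": "192.0.2.44"},
]


def audit_sessions(sessions, scope):
    """Return (session_index, finding, account, asset) tuples for policy violations."""
    findings = []
    sources = defaultdict(set)
    for i, s in enumerate(sessions):
        allowed = scope.get(s["account"])
        if allowed is None:
            # Account with no entry in the policy: nobody granted it access.
            findings.append((i, "unknown-account", s["account"], s["asset"]))
            continue
        if s["asset"] not in allowed:
            # Vendor reached equipment outside what it services.
            findings.append((i, "out-of-scope", s["account"], s["asset"]))
        if not s["mfa"]:
            findings.append((i, "no-mfa", s["account"], s["asset"]))
        sources[s["account"]].add(s["src"])
    # Heuristic (assumption): one account seen from several sources may be shared.
    for account, srcs in sorted(sources.items()):
        if len(srcs) > 1:
            findings.append((None, "multiple-sources", account, None))
    return findings


if __name__ == "__main__":
    for finding in audit_sessions(SESSIONS, VENDOR_SCOPE):
        print(finding)
```

Each finding maps to one control in the text: scope per vendor, MFA on every session, and a separate account per user.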