Opinion

Food manufacturing and IT security – what do you need to know

By Greg Crowley

How to protect against cyber attacks. Credit: Getty/Just_Super

Cybersecurity expert Greg Crowley, chief information security officer for eSentire, talks through the types of cyber attacks you may be vulnerable to and simple ways of protecting your business operations.

The farm to fork movement is growing in popularity. Customers want to know where their food has come from, how it was made, and who was involved in the supply chain. Having an understanding of this will not only stand you in good stead with modern-day shoppers, but it also enables you to reduce waste and improve efficiency within your processes.

Implementing tracking technology which follows and records the entire supply chain journey is one solution which many producers are getting on board with. However, alongside innovation and opportunities, there are also threats in the deployment of tech.

According to Make UK’s December 2022 report, almost half of all British manufacturers fell victim to cybercrime over the course of the year, with more than a quarter of respondents reporting financial loss due to an attack.

But why do manufacturers face more challenges and what can they do to improve their approach?

The problem with legacy systems

Food manufacturers have an incredibly broad mix of different technologies in place, ranging from the very latest and most modern systems, through to legacy systems that have been in place for decades. As part of this, manufacturers will also rely on third-party software which may or may not be supported.

These systems can work effectively, meeting what the business needs. Indeed, legacy systems may be so critical to operations that replacing them seems an unnecessary and expensive hassle. The issue is that these older systems can also be host to potential software vulnerabilities, perhaps because they have not been updated.

Types of cyber attacks and the consequences on business

There is a range of ways manufacturing companies can be attacked online, from phishing (wherein the attacker ‘fishes’ for sensitive information like bank details), to water holing, in which a fake website is set up to compromise another and exploit traffic, along with ransomware attacks. These latter attacks prevent you from accessing your device and the data stored on it, with the data encrypted or stolen until a ransom is paid. This can result in data being leaked and/or complete system shutdowns.

The impacts can be significant. One international food producer hit in 2021 lost almost two days of production and had to pay $11mn in ransom to protect customer data. This was followed by months of system clean-up work.

Beyond the initial bearing on the business, there will then be other problems that come up. Product shortages may lead to price increases due to diminished supply, which is not popular in today’s economic climate! There can also be ripple effects on other food producers that incorporate ingredients or products in their goods, leading to potential shortages and broken contracts that increase costs over time.

How do cyber attackers work?

There is a whole threat intelligence industry dedicated to tracking the latest in attack profiles, techniques and tactics – and this can really help you be prepared against attacks.

The groups can be incredibly sophisticated in their approach where nation-state backed cyber threat teams are involved, but the majority of attackers will be opportunists out to make easy money at the expense of others. These groups will normally adopt one of the following approaches:

  1. Email: The humble email is still the most common route to get malware into an organisation. These typically arrive with subject lines such as ‘Invoice’ or ‘Shipping’ that are relevant to companies involved in a manufacturing supply chain. To increase their chance of successfully compromising a machine, threat actors may try to hijack older email threads or impersonate either external business contacts or senior management figures.
  2. Drive-by-attacks: These attacks target employees when they browse the web and look for information relevant to their jobs. One common technique is hosting files containing malware on hacked sites, and then employing search engine optimisation to target employees searching for data relevant to their roles. Alternatively, attackers may create fake webpages for common software products and then buy online adverts to display. The fake webpage then uses a false ‘out of date browser’ alert to trick users into downloading and executing the malware.
  3. Remote exploits: Companies have to connect some of their IT assets to the public Internet as part of their work. While manufacturing systems and operational technology assets may run on their own network, web applications and services must be available online for employees to use them. These systems may contain exploitable vulnerabilities that can lead to machines being compromised. Attackers can then try to move within the company network and see what data they can steal or encrypt to achieve a ransom.

How to protect your systems from attacks

To protect your food manufacturing business against bad actors, there are some proven best practices that you can adopt.

The first of these is quite simple – just being aware of the problem and training your employees so they can be more vigilant around potential attacks. This is particularly important for any staff that might have to interact regularly with people that they don’t know – a good example of this is HR, where they might have to review CVs and job applications. Attackers have targeted HR teams with fake CVs in the past in order to get malware downloaded.

Training, delivered through phishing and security awareness training (PSAT), should cover the dangers of fake emails and business email compromise (BEC) attacks as well as malicious web browser downloads. Alongside training, you should also set up an ongoing reporting process for users to flag anything that they are suspicious of, even if they have clicked on a link or opened a file. This process should not punish users if they make a mistake as this discourages them from reporting those issues, leading to much more damage.

On the IT security front, there are multiple solutions that can improve your security, from looking at your PCs with technology such as endpoint detection and response (EDR) which is designed to monitor and mitigate attacks, through to email filtering and network monitoring.

You should implement a vulnerability management approach, so that you have an accurate inventory of all your IT assets and can see which of them need to be updated. Every month, new issues will be found that might affect your systems, so you can check for any risks that you face and then implement updates accordingly.

For manufacturing companies, this may be harder to carry out if the issues exist in production systems that have to keep running around the clock. Operational technology systems, like those used in food manufacturing, may rely on software that can only run on older operating systems or with specific dependencies, leading to risks. If you have this kind of operation in place, then using air gaps and separated networks can prevent issues from being exploited. However, you should adopt a full mitigation strategy to prevent attackers from getting access to any sensitive assets. Over time, consider how to update those systems and replace them with more modern applications where you can.

With so much emphasis on productivity, it also makes sense to look at a 24/7 managed detection and response (MDR) service. MDR covers security monitoring and response to potential issues in your environment, and you can either run an internal team for that purpose, or engage with a third-party provider that can run the service on your behalf. Whichever approach you choose, MDR cuts down the time to detect and contain any attack on your systems and helps you to respond to any issues if they do arise. The speed with which you can detect and contain an attacker before they achieve their objectives is imperative in preventing business disruption.

Think holistically when it comes to cybersecurity

To protect your operations against attack, it is important to prepare yourself in advance of a problem occurring. By implementing best practices and planning ahead, you can improve your chances of not suffering a breach in the first place. If something does go wrong, you should already have an effective incident response plan to manage and respond to the issue, as well as the team or supplier in place to enact that plan.

Just like the farm to fork movement, IT security looks to improve the whole process that takes place around operations. By planning ahead and thinking about things holistically, you can make the most of your team and improve your overall risk management results.
