Cyberterrorism: How Food Companies Are Planning for Threat of Cybersecurity Risks

Accessing confidential information is an ongoing favorite of cyberterrorists generally. Look no further than the recent Facebook scandal, where Cambridge Analytica was able to harvest over 50 million user profiles, simply by building a quiz app that collected data not only from the individuals taking the quiz, but also from the friends of these individuals—people who had no connection with the quiz. In another angle, a joint study released by the antivirus software specialist McAfee and the technology services provider Science Applications International Corp. showed that hackers are now looking to gather trade secrets and marketing plans and use that intellectual property to their own advantage.

The threat of tampering might be a method used by cyberterrorists. An example of this can be seen in the subset of cyberterrorists known as cyberactivists. Cyberactivists are those who may disagree with a company’s product or the method the company uses to produce the product. These individuals may threaten initially to use hacking to attack a company’s reputation, disrupt its operations, or maliciously modify its automated processes and then, depending on the response of the company, go on to launch the damage. Criminals may also use the threat of lost profits, caused by the disruption of equipment or transportation, to extort money.

Regardless of the motive, what is universally frightening is that any of these avenues could easily be initiated by cyberterrorists located anywhere in the world. There is certainly no requirement for the person perpetrating a cyberterrorist act to even set foot in the facility that is affected.

Limiting Exposure to Harm

With all of this in mind, it might be surmised that the food industry is arming itself heavily to prevent cyberterrorist acts. Unfortunately, that assumption might not be as accurate as would be desired. A number of factors are behind the fact that the food industry is not the most up to date in tightening its cybersecurity. One is a lack of awareness. Since breaching a company’s computerized systems is not as obvious as a piece of equipment that is not working, or a patch of flooring that requires repair, dedicating the resources to protecting those computerized systems is not the first priority. Those resources, of course, are tied into available money. Many food manufacturers look to their budgets first to improve food safety and quality, as well as productivity, before focusing on cybersecurity, especially if they never had an issue (at least not one that they are aware of). That lack of focus on cybersecurity can result in unnoticed system vulnerabilities. These vulnerable areas could include firewalls that go out of date, remote access portals that are insecure, operating systems that can be more easily corrupted, and staff that is poorly trained and/or unaware of the risks.

Even companies that have realized the importance of having a defense prepared against cyberterrorist attacks will often focus on the protection of their database systems. However, what is frequently overlooked is that professional hackers will use indirect and innovative methods to bypass the gates of even those systems that the companies believe to be secure. One example of a fairly simple way that a hacker can gain access is through the deployment of a large volume of phishing emails, all sent to personnel employed by the company that they are targeting. This technique is akin to the practice of ringing the doorbells of everyone that lives in the same apartment building. While most apartment dwellers won’t allow an individual who they don’t know into the building, the likelihood that one person will allow access increases the more doorbells are rung. And that is all that is needed—just one person—to let the hacker in.