Cyberterrorism: How Food Companies Are Planning for Threat of Cybersecurity Risks

Another method that cyberterrorists might employ is gaining access through a third-party contractor that a food manufacturer uses. As computer programming and software development requires a very specific technical skillset, many food manufacturing companies will not have this expertise in-house and will outsource to a contractor to help build their computer networking. However, this very act of bringing in outside expertise can expose the food manufacturing company to additional risks. Many of the high-profile cybersecurity incidents that have occurred were a result of hackers accessing the systems of the third-party contractors, which then allowed them a gateway to their true target—the food manufacturing company.

Ultimately, it is key that food manufacturing companies recognize the risks of cyberterrorism to their businesses and the greater food system that they are part of. From there, it is essential to implement a comprehensive cybersecurity program that is actively managed and maintained. Installing an antivirus software that is not updated regularly, with firewalls that are not closely watched, will not stop the highly skilled individuals that either are getting past those walls because they have their own agenda, or because they have been hired by others who are motivated to do harm. Companies must have a more far-reaching approach, where the antivirus software and firewalls are supported by policies, procedures, proper staff training, and regular updating.

Companies should approach cybersecurity in the way that they approach a food safety plan, with a comprehensive risk analysis using a team that is made up of individuals with the appropriate process and technical knowledge necessary in order to develop an effective cybersecurity plan. There must be a plan of defense documented and implemented to manage the risks identified in the analysis. Active management of the plan and regular reviews of the system ensure it remains up to date with the ever-changing landscape of information technology.

Organizations also need to consider innovative ways to stay one step ahead of a cyberterrorist attack. One approach to consider, which is gaining popularity, is the use of  “white hat” hackers, who are computer security specialists who break into protected systems and networks to test and assess their security by exposing vulnerabilities before malicious hackers can do so. One of the truly beneficial aspects of utilizing this type of approach is that it goes right to the heart of prevention, instead of reaction.

Food manufacturing organizations, like companies across a broad spectrum of industries, recognize the importance of looking at preventing disaster, as opposed to responding to a disaster that has already happened. As John Ridpath, head of product at the technology educator Decoded, suggests, “The best form of defense is to be proactive and try to breach your own systems.” In the end, food manufacturing facilities that take this suggestion to heart are those that can take control of their cybersecurity, and that can be a huge competitive advantage in a global environment where connectivity is king.

James is a technical scheme manager in supply chain food safety at NSF International. Reach her at [email protected].