One of the biggest cybersecurity attacks in recent history occurred against Australia’s largest beer brewer Lion in 2020, when all of its systems were forced to shut down after it was first hit by a series of ransomware, then a new series of attacks that basically crippled its computer systems.

In 2021, the world’s largest meat processor, JBS Foods, fell victim to another ransomware attack that halted its global operations for nearly a week and left it held for ransom by Russian hackers. , with several of its Australian operations also being disrupted.

According to data from the Australian Cyber ​​Security Centre, cybercrime jumped 13% in 2021, with Australia’s food supply constantly under attack, and to mitigate these large institutions with expertise in financial security such as the National Australian Bank (NAB) are now urging food and beverage companies to take more proactive measures to avoid being the victims of attacks.

“Some A$33 billion in total have been reported in cybercrime losses, including over A$30,000 suffered by mid-sized businesses,” NAB Group Senior Security Consultant Tessa Bowles said at the recent Food South Australia 2022 Summit.

“We have consistently found that using emails with malicious links or attachments continues to be the most common initial infection vector. [despite multiple warnings and instructions to prevent this]but increasingly sophisticated methods are also [coming into play].

“Credential phishing (when hackers attempt to steal user credentials by impersonating a trusted entity through communication), SMS phishing, and social engineering tactics such as phone scams are becoming increasingly common.

“Within companies, work emails are targeted to send malicious messages to the victim’s address book, to intercept payment details, to make fake payment requests, etc. [interesting yet somehow effective] the scam is CEO impersonation, where a hacker writes to a target victim pretending to be the CEO of the company and asking for critical financial information.

With the rise of these multiple cyberattack tactics in circulation, Bowles encouraged Australian food and beverage companies to protect their data and finances to minimize their risk of falling victim to them.

“In addition to following the Essential Eight model​​ secure your business to ensure it is not only equipped to handle an attack, but also to contain, respond and recover [from any potential infiltration]there are the top five do’s that should also be followed,”she says.

“Step one is always to implement the eight essential steps, step two is to enable multi-factor authentication (MFA) and automatic software updates, step three is to enable segregation of duties (a principle that separates essentially the critical tasks between different employees to ensure that no one has the data or access that can cause irreparable damage), the fourth is to back up the data and the fifth is to educate the entire team in your company to these risks.

Essential training and education

Even in food and beverage companies where cyberattacks may not be a priority, unlike production and product innovation, all members of a team need to be aware of the risks and how to detect them. , as the consequences can be significant, as has been demonstrated. by the events of Lion and JBS.

“All staff should be trained to identify red flags from suspicious messages [as] they are often the first line of attack/defense, so whether through webinars or professional training, they need to be upgraded,”said Bowles.

“Passwords have been identified as another weak link – using different passwords for different logins and differentiating between personal and work accounts would in itself be a great deterrent, [but] research found that the top five passwords of 2021 were easy guesses, namely: 123456, 123456789, querty, password, and 12345.”

The risks are further heightened when it comes to the use of high-tech food production technologies – earlier this year, a South Australia-France-Saudi Arabia study highlighted that the use of sensors and smart systems in the crop monitoring and management opened up the food system to more cyberattacks.

We must not overlook security threats and vulnerabilities in digital agriculture, especially potential side-channel attacks specific to agri-tech applications,” said study researcher Dr Saaeed Rehman of Flinders University in South Australia.

“Digital farming is not immune to cyberattacks, as evidenced by interference with a US watering system, a meatpacking company, wool brokerage software and an Australian beverage company.”