August 2023
Digitization is transforming the food industry.
The rewards are obvious – technological leaps in the design, development, production, sale and distribution of food products globally. But with digital transformation we are seeing an explosion in the volume of data – and a corresponding increase in information security risks.
One threat above all others is setting alarm bells ringing for food industry leaders: fear of increased exposure to cyberattack. It is not hard to see why.
Serious recent cases include a ransomware attack on a global fruit and vegetable producer; a cybersecurity breach at a Canada-based meat processor; and a cyberattack on a Germany-based frozen-food supplier, to list just a few of those that have been reported publicly.
Many other breaches are never disclosed, with cybersecurity specialist Malwarebytes estimating that cyberattacks against the food and agriculture sector increased by over 600% in 2020 alone.
In the US, the FBI has repeatedly warned the food and agriculture sector about the risk of ransomware attacks that could result in the theft of proprietary information, as well as operational disruption leading to financial losses and even food shortages.
“Multiple agricultural cooperatives have been impacted by a variety of ransomware variants.”
The FBI raised a particular concern about the risk of attacks during the critical planting and harvesting seasons, when agricultural cooperatives may be more vulnerable to ransom demands.
“The director of a major food business recently told me the main issue they’re facing just now is not food safety risk – it’s cybersecurity!”
A broader worry is that some food businesses may be holding back from implementing the latest digital solutions in case they compromise the security of their own and their customers’ data or the value of their intellectual property – even though such investment is vital for them to compete in global markets.
Organizations feel seriously challenged by the scale of today’s information security threats.
“There is just so much data out there, not just generated by food businesses themselves, but also from their supply chains, industry bodies, local authorities, government surveillance and other sources. The risk director told me: ‘Our first challenge is how to select the relevant data and use it effectively. But an equally critical one is how we protect it’.”
“There’s no going back to a world before digital information. Food businesses depend on data that they generate internally, receive externally, and store for the short or long term. With new information generated continually, the key to cybersecurity is to stay in control of data storage, access security and management processes.”
There are constructive ways forward, including more thorough horizon scanning and adoption of key internationally recognized standards such as ISO/IEC 27001 and SOC 2 (common in North America).
Because it helps food businesses manage and protect their information assets, adopting ISO/IEC 27001 will inspire consumer trust in them and help build organizational resilience. The latest version, ISO/IEC 27001:2022, has been updated to explicitly include cybersecurity and privacy protection, reflecting their integral role in effective modern management of information security.
“At NSF, we maintain certification to ISO/IEC 27001 to demonstrate our commitment to robust information security management. It guides us on new processes, improves employee training procedures, and eases legislative compliance.”
“There is a tendency for organizations to operate in silos, with their own information security initiatives, data sets, technologies and tools. We need to talk and get some data harmonization standards in place that everybody adheres to. With greater interoperability and sharing of data we can all gain a lot more visibility of risks and the power to act against them.”
“I talk to so many businesses who still use paper and spreadsheets to manage their complex information – and the risk of that is huge. But when looking for a digital solution, the data security question comes in. By looking for a solution that has robust information security, they’ll build trust that data is safe in their hands. A digital solution can help businesses to lower risks by streamlining compliance management – managing compliance requirements across multiple locations and regulatory frameworks. It could automate tracking and reporting of compliance activities, provide real-time visibility and performance metrics, and enable collaboration and communication between stakeholders.”
Wider, pan-industry collaboration is an important route to defusing information security threats – not to mention other food safety challenges.
Implementing a cloud-based, ISO 27001-compliant software solution “has brought us up to date in an increasingly data-driven world. It is boosting our quality performance and underscores our commitment to food safety. It’s strengthening our supplier management and making us more resilient.”