Every business operating in today’s digital world is at risk of a cyber incident. And, simply put, any breach is a significant affair. Why? Compromised systems increase doubt. Doubt in what your equipment is telling you. Doubt from customers that you are taking your responsibility to protect their data seriously.
However, when a breach impacts critical infrastructure or a food and beverage manufacturer, the seriousness seems to rise to another level. After all, in either instance, the impact could result in serious injuries or even fatalities.
This is what made the recent attack on a small Florida city’s water treatment facility so alarming. It is also what makes the “cyber incident” recently acknowledged by Molson Coors a scary occurrence. While the adult beverage manufacturer has yet to provide many details, a regulatory filing Thursday noted that the event has resulted in key systems being taken offline and has impacted portions of its production and distribution operations.
“Given the round-the-clock nature of operations in food and beverage companies, much of the IT equipment in manufacturing plants can’t be patched frequently, making these assets a prime target for attacks such as ransomware, which can seize up operations abruptly with a dramatic cost to the enterprise,” says Grant Geyer, Chief Product Officer, Claroty.
In fact, recent Claroty research found that the food and agriculture sector has seen a 56% increase in industrial control system (ICS) vulnerabilities from 2019 to 2020, after seeing no increase from 2018 to 2019. “What’s clear is that industrial operations are now a dream target for cyber attackers seeking financial gain,” says Geyer. “One additional unique and concerning facet of the food & beverage industry is the very broad set of third-party automation vendors that maintain site-to-site access directly into the operational technology (OT) environment for maintenance. These connections have surprisingly limited identity and access management controls and even fewer – if any – session monitoring and recording. With so many potential OT entry points, attackers don’t even need to transit the IT/OT boundary to wreak havoc.”
These high-profile attacks are becoming all too common, as attackers have realized they are immensely more profitable when they target large organizations and disrupt their critical business operations – in this case, the brewing operations of the world’s biggest, well-known beer brands, explains Edgard Capdevielle, CEO at Nozomi Networks. "While the company hasn’t released details, this scenario could be ransomware and this type of situation should be factored into an organization’s incident response and business continuity plans," he says. "Beyond a technical response, decision makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption."
Niamh Muldoon, global data protection officer with OneLogin, adds, "This is an example of how attackers are targeting high-profile organizations to interrupt key business operations, in this case, manufacturing. Ransomware remains a global cybersecurity threat and is the one cybercrime that has a high direct return of investment associated with it, by holding the victims' ransom for financial payment. On a global scale, cybercriminals will continue to focus their efforts on this revenue-generating stream. This reinforces what we've said before that no industry is exempt from the ransomware threat and it requires constant focus, assessment and review to ensure that critical information assets remain safeguarded and protected against it."
Adds Geyer, “To protect themselves against any kind of attack or security breach, producers, manufacturers and anyone involved in the food & beverage and their supply chain should ensure that they have complete visibility into all of their systems and processes and make sure to continuously monitor for any threats that could result from a targeted or opportunistic attack.”
According to Capdevielle, "Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication and the use of continuously updated threat intelligence should be used to protect IT and operational environments from ransomware and other cyberattacks."
We will continue to update this story as more information becomes available.