Cybersecurity in the Food and Beverage Industry: Risks and Recommendations

A spate of serious cyberattacks on manufacturing businesses in recent years has propelled the sector into the cybersecurity spotlight. The food and beverage industry is an area of manufacturing that has gone somewhat under the radar in discussions of cyber risk compared to other areas such as energy. But this industry is also critical, so it’s time to build a better understanding of cybersecurity in the food and beverage industry.

Key Cybersecurity Risks in Food & Beverage

Operational Downtime

As with other areas of manufacturing, the prospect of operational downtime is an outcome that those in charge of operational technology (OT) in food and beverage manufacturing plants want to avoid at all costs. And costs are the main reason for this avoidance of downtime, with over a third of respondents in one survey saying a downtime event at their plant would cost $1 million per hour.

Ransomware is a real concern in terms of operational downtime because it can rapidly replicate and spread between different systems. Closer convergence in recent years between IT and OT has driven a range of benefits in process efficiency, as analysts derive insights from data generated at the machine level.

However, this IT/OT convergence also increases the attack surface. Without robust security controls and architecture, a cyberattack starting at the IT level can intrude into operations and cause downtime. These downtime events are significant risks for cybersecurity in the food and beverage industry.

Safety Risks

Cyberattacks can interfere with the machines that control processes on plant floors. This creates safety risks because food and beverage outputs are consumable products. The safety of these products depends on a delicate balance of external factors, such as the processing and storage temperatures.

Consider a threat actor using a remote access trojan to control or intentionally modify plant floor systems. Examples include distributed control systems (DCS) and supervisory control systems like SCADA. A whole slew of safety risks become possible with malicious actors targeting these systems.

For example, a slight temperature alteration on the plant floor for certain foods or beverages could put thousands of people at risk for foodborne illness. Seizing control over operational technology also puts plant floor workers at risk from unexpected movements in heavy machinery.

Loss of IP and Sensitive Information

Another important risk from cyberattacks in food and beverage is a loss of intellectual property. Threat actors might use their access to OT networks to obtain recipe information or secrets about production processes. This information can be offered for sale on the dark web, revealed openly or sold to competitors seeking any means of obtaining sensitive information.

An important driver of this risk is slow detection and response across the attack cycle within OT environments. Threat actors use various evasive methods to disguise their presence within networks, and ineffective detection and response ensures they roam free to seek out this sensitive information undetected.

Talent Shortages Being Exploited

Cybersecurity talent shortages continue to plague every industry, but the dearth of skills in operational security is even more profound than in standard IT security roles. The individuals who operate and maintain the machines used on plant floors in food and beverage are experts in food safety, but they often lack cybersecurity skills.

There are several well-defined standards and frameworks for ICS security, but the problem is having the right team to implement them effectively on plant floors. Threat actors are usually swift in realigning their targets to sectors lacking security skills, so expect to see more food and beverage companies being affected by cyber campaigns over the coming years.

Notable Attacks on Food and Beverage Organizations

These three attacks and their consequences exemplify why cybersecurity in the food and beverage industry is such a pressing concern.

JBS Foods

A May 2021 ransomware attack on JBS Foods caused havoc for the meat processing giant. The chaos that ensued resulted in operational shutdowns at meat processing plants worldwide, including nine plants in the United States. Not only was there a significant downtime event, but the panic about this downtime spurred JBS executives’ decision to pay $11 million to threat actors in return for decrypting all affected systems.

Molson Coors

A document submitted to the U.S. Securities and Exchange Commission in March 2021 by beverage company Molson Coors sketched the details of a cybersecurity incident that caused a systems outage. There were disruptions to brewery operations, production and shipments. The repercussions included a $2 million one-off cost to forensics experts, consultants and data recovery providers who helped Molson Coors restore operations.


Ferrara

Ferrara is a Chicago-based American candy manufacturing company that produces popular treats, such as Nerds, Rain-Blo and Fruit Stripe. In October 2021, a ransomware attack on Ferrara encrypted its systems. It’s unclear if the incident originated in the IT environment or OT, but it resulted in halting production in several manufacturing facilities.

Mitigation Recommendations

  • Increased OT cybersecurity training and awareness—While dedicated OT security talent shortages are hard to remedy, improving cybersecurity training and awareness for all plant floor personnel and operations managers will help to somewhat plug gaps and reduce risks. Awareness programs can inform staff about the risks posed to food and beverage safety as well as provide education on key threats. Training exercises can teach staff how to escalate and respond to threats.
  • Use a secure architecture—A tested and validated secure architecture is a critical best practice in reducing risks for cybersecurity in the food and beverage industry that stem from increased IT and OT connectivity. This architecture should tightly control traffic flows, secure connections and segment the network.
  • Improve IT/OT communication—Promoting improved communication between IT and OT personnel can mitigate much of the chaos and confusion that typically ensues after a cyberattack on a food and beverage company. Instead of panicked responses that lead to automatic shutdowns in OT because nobody is sure what systems are impacted, clear and well-rehearsed communication protocols between teams can help establish the big picture of an in-progress attack and provide clarity on remediation approaches.
  • Seek outside expertise—Outside expertise offers a cost-effective way to improve detection and response capabilities, protect intellectual property and understand how to best secure business-critical systems against downtime. Outside expertise could include managed detection and response or cybersecurity consulting focused on security issues and risk assessments in manufacturing.
