With our food and beverage supply chain at high risk of cyberattack, manufacturers must prioritize the security of business applications.
By Sadik Al-Abdulla, CPO of Onapsis
Like most industries today, the food and beverage sector has become increasingly targeted by cybercriminals, as evidenced by the recent cyberattacks on food giants like Dole, Sysco and Maple Leaf Foods. The effects of a successful cyberattack can be detrimental for food and beverage manufacturers, particularly when their critical enterprise resource planning (ERP), e-commerce, or supply chain applications are impacted. They may face far-reaching reputational and financial consequences for interrupted business continuity, delays in digitization projects, theft of proprietary information, and loss of consumer data. Human safety might also be an underlying risk considering the perishable nature of end products.
As cyberattacks against the food and beverage supply chain continue escalating, manufacturers must be well-equipped to protect their critical business applications to ensure their products are safe, that they still comply with an increasing number of privacy laws, and that their digitization journey isn’t compromised. Below are three best practices food and beverage organizations should follow when strategizing the best approach to cybersecurity.
Digital transformation in the supply chain is accelerating. In fact, 82% of CEOs in supply chain-intensive markets are gearing up to increase investments in digital tools across their organization. However, as companies ramp up digitization and accelerate the adoption of innovative e-commerce technologies, they often treat security as an afterthought by deploying it too late into the development process. As a result, they lack the right level of visibility into their ERP landscape and aren’t able to manage the risks plaguing these critical business applications.
ERP applications are essentially the backbone of the food and beverage industry. Organizations leverage these systems to manage their daily business activities, including supply chain management, accounting, compliance, and more. Since ERP systems are tied to sensitive corporate, employee, and partner information, a cyberattack on one of these applications could be catastrophic. Further visibility into the ERP landscape is crucial for security teams to pinpoint where potential risks lie and proactively make a game plan to address them.
Many enterprises rely on the traditional defense-in-depth security framework, where numerous layers of security tools are deployed. The goal of this approach is that, if there is a flaw in one of the layers, the enterprise applications will be secured by the other controls and the compromise’s impact will be limited. With so many security layers implemented, a threat actor might take longer to fully penetrate an enterprise network, providing security teams with more time to halt the attack. It’s even more crucial to add security layers for the most critical application: ERP.
In order to truly protect the enterprise crown jewels, organizations need vulnerability management solutions that specifically cater to ERP software. While these tools can help security teams continuously monitor users and suspicious activity within their network, they can also proactively identify security flaws and provide strategic guidance about each threat, including thorough descriptions, their level of criticality, and their business impact. These insights will enable security teams to obtain a better grasp of their ERP landscape, understand exactly where their security gaps lie, and decide the best course of action in terms of response. From there, security teams can prioritize vulnerabilities that may have a more critical business impact if compromised, rather than spending extra time on flaws that may not be as dangerous.
In a best-case scenario, robust security tools can prevent even the most sophisticated of hackers from penetrating an enterprise network. However, this isn’t always the case. In fact, many organizations that don’t commit the right time to practice incident response often fail to properly address an unexpected security incident. When it comes to their ERP applications, it’s crucial that security teams take a risk-based approach to incident response. This ensures they are well prepared to face a wide range of attacks and know exactly how much time and what specific resources will be required to tackle each scenario. In addition to creating a playbook of scenarios, it’s also a best practice to create scorecards that illustrate their level of readiness to tackle each incident.
The food and beverage sector will remain a priority target for cybercriminals, and thus, keeping up with the ever-evolving threat landscape will be absolutely essential for manufacturers. By obtaining deep visibility into their business application landscape, deploying the right vulnerability management tools, and integrating a well-tested incident response strategy, food and beverage organizations can proactively mitigate any threat that comes their way.
About the Author:
As Chief Product Officer, Sadik Al-Abdulla is responsible for leading product vision, strategy, and execution for The Onapsis Platform. An executive leader of enterprise security businesses with more than 20 years of experience, Sadik has the insight and expertise to help customers solve today’s most sophisticated security challenges.
Prior to joining Onapsis, Sadik served as Vice President of Product Management for McAfee’s enterprise business. While at McAfee, he envisioned and brought to general availability their market-leading SASE/SSE product and evolved their Gartner Magic Quadrant leading CASB solution. He was also responsible for several other major product lines, including data loss prevention (DLP), secure web gateway (SWG), and network-based intrusion prevention system (NIPS). Previously, Sadik held multiple leadership positions at CDW, helping to lead the security business to over 3x growth. He is a former security consultant, security researcher, and penetration tester.