JBS SA is one of the world’s largest meat producers, but was recently hit by an infamous cyberattack.
Three former employees of the company, who worked in IT and security in the US, claimed that JBS ignored the recommendations of an audit into cybersecurity at the company. The audit recommended heavy investment in specialist monitoring technology to detect instructions. According to the employees, JBS thought this technology was too expensive and decided to ignore the recommendation.
Instead, JBS allegedly chose to concentrate on cost-cutting, instead of cybersecurity. Several employees claimed they found it hard to improve cybersecurity, as the company’s focus was on profits more than security issues. A representative of JBS USA denied these allegations about JBS’s attitudes towards cybersecurity.
Cyber Attack
Whatever their attitudes towards cybersecurity, the company was still hit. JBS fell victim to an incredibly specialized and sophisticated group of hackers. A JBS spokesperson claimed that only a day’s worth of production was paused, and that the issue was resolved quickly.
Whatever the truth of the situation, many questions about cybersecurity have been raised, showing the importance of having strong protocols in place, such as support from an IT company in Oxnard.
Because of a series of ransomware attacks, JBS had to shut down all of its beef plants in the US. The FBI identified the attacker as a REvil, a group with links to Russia. The attack targeted the Colonial Pipeline Co to impact fuel supplies to the East Coast, as well as slowing the production of pork and poultry products.
Ransomware is a kind of malware that encrypts files, preventing the victim from accessing them unless they pay a ransom. Some hackers steal files as an extra method of extortion.
Cybersecurity in Food
The food industry has not traditionally performed well in protecting itself against attacks, due to a lack of investment, and little to no standards.
The industry doesn’t tend to focus on technology. Most food companies don’t spend much on the latest cybersecurity technology, or on the talent to implement it. The attack on JBS reveals how big a problem this could be.
Modern food businesses often rely on computers and software across their business, from field to factory, using software to manage many parts of the business. Despite this reliance on technology, there are no uniform cybersecurity standards or regulations in the industry, which makes it very vulnerable to attacks. This is a concern for many businesses in the industry.
To combat this widespread problem, insurance underwriters are looking into ways to work with the food industry to prevent similar attacks from being carried out.
The food industry responds to regulations, but if an area isn’t regulated, it is often overlooked. Many food businesses also fall into the bad habit of using systems and software that are out of date. In fact, some are still using Windows 98. They also often use code for machinery that is vulnerable to being hacked.
Unfortunately, the food industry has historically ignored cybersecurity until an attack happens. The attack on JBS should be a wake-up call to change this habit for other companies.