In 2021, cyber adversaries directed attacks towards critical infrastructure groups, meat packers, hospitals, and universities. But the cream cheese suppliers likely expected to be spared a front page spread. Here’s what happened, and why food and agriculture groups represent prime targets for hackers.

What happened

In October, a cyber attack hit a major cream cheese supplier, limiting production for several days ahead of the holiday season. Prior to the attack, cream cheese enterprises across the country were struggling to retain workers and accelerate production to meet market demands.

In 2020, consumer demand for cream cheese increased by 18% as compared to 2019. Experts state that the jump occurred because more people were at home baking than previously, due to the pandemic. According to Kraft, cream cheese demand remained at that elevated level across 2021.

In contrast with face masks or oil, the US does not maintain strategic reserves of cream cheese.

Downstream effects

In the wake of both cyber disruptions and unexpected supply chain snarls, the cream cheese industry pursued a creative approach to the holiday rush. The manufacturers of Philadelphia cream cheese, for example, launched a campaign offering to reimburse $18,000 lucky consumers who opted for a different holiday desert this year that did not involve cream cheese.

“This is not an empty shelf, it’s a holiday tradition waiting another year,” said the Philadelphia cream cheese supplier. The labor, supply chain, and cyber hurdles can be overcome with time.

Well-known businesses like Junior’s Cheesecake were forced to temporarily interrupt plant operations. Junior’s Cheesecake runs through a cool 4 million pounds of shmear annually. And in New York, bagel shops struggled to retain adequate supply.

Food and agriculture vulnerabilities

The recent cyber attacks on food-focused enterprises highlight broad-spectrum cyber challenges. Security experts contend that the food and agriculture sector likely remains among the most underprepared sectors when it comes to cyber threats.

Food and agricultural entities often own older devices and software, and may be behind when it comes to patching and security measures. Many take the ‘if it ain’t broke, don’t fix it’ approach.

In the US, the Department of Agriculture recently hosted a cyber security expo to help food and agriculture groups learn how to increase cyber resilience. Similarly, the Wisconsin Cheese Makers Association held a webinar to provide members with resources pertaining to cyber threat prevention. Organizations were encouraged to segment systems.

In summary

Although response teams typically act with urgency to resolve any cyber issues that may arise, cyber attacks can prove challenging to resolve.

Food processing groups may prove an opportune target for ransomware criminals due to the pressure involved in quickly processing raw food materials. Cyber criminals may perceive food entities as highly incentivized to rapidly hand over millions in payment.

For more information about cyber security as it pertains to the food and agriculture industry, see this CyberTalk.org piece.

To learn more about managing cyber risk in a changing world, please join us at the premiere cyber security event of the year – CPX 360 2022. Register here.