Written by: Louise Calderwood | November 10, 2021
From comedy to drama, computers have provided rich themes for movies for nearly 60 years from bringing about the end of the world with a computerized nuclear program using the slapstick humor of “Dr. Strangelove” (1963) to the drama of “2001: A Space Odyssey” (1968). For many businesses, 2021 has been the year that the reality of cybersecurity became stranger than fiction as data was encrypted and ransoms were paid in the wake of several high profile cyberattacks. It is time for business of all sizes to address computer safety and take steps to protect their data and wallets from cyber criminals.
Read on for some “getting started” tips provided to our members by John Hoffman, the senior research fellow at the University of Minnesota’s Food Protection and Defense Institute.
The desired outcomes for cyber criminals are as varied as their tactics. The IBM Security webpage explains that criminally motivated attackers may seek financial gain through theft of money or data, while personally motivated criminals, such as disgruntled employees, may be satisfied with the opportunity to disrupt a company's system. Ransomware attacks are now the most common form of cyberattack and criminal gangs target food and agriculture because they know where the money is.
In his presentation to our membership, John emphasized that humans are the weak links in cybersecurity. Candidates for a cyberattack can range from a corporate executive to the newest employee in the warehouse. Even the most seasoned IT professional can be victimized by a cybercriminal. Operations equipment provides a common route of entry for cyberattacks as criminals gain access to sensitive systems through sensors, motors and instrumentation. Providing regular training on information security principles and techniques as well as emerging cybersecurity risks (i.e., ransomware and phishing scams) is an essential first step.
Once a training system is established, good cyber hygiene can be broken down into steps equivalent to implementation of hazard analysis and preventive controls for safe food manufacturing to include monitoring, corrective actions, verification and records. Cybersecurity will be a topic for our upcoming Pet Food Conference in January, where John will be joined by an FBI agent to address pet food-specific security issues.
The Cybersecurity and Infrastructure Security Agency (CISA) has resources for businesses to assist in the development of best practices to protect information systems and sensitive data. By subscribing to a monthly bulletin, businesses can be alerted to upcoming cybersecurity webinars, workshops and new publications.
Businesses of all sizes are vulnerable to the nefarious tactics of cybercriminals. Don’t let your business be the star of the next computer thriller, take steps now to keep your information and your bank account safe from cyberattacks. Because while “Dr. Strangelove” is a comedy classic, cybersecurity is certainly no laughing matter.
Is cybersecurity a component of risk management, safety and security programs?
Are there security gaps in your cybersecurity program?
Are information technology and operational technology employees familiar with the concept of Hazard Analysis and Critical Control Points?
Who approves changes to system access and device use?
Is two-factor authentication required across all systems?
How are patches and updates handled?
How will defensive principles be improved?
What are current training activities?
What is the company’s policy for implementation and enforcement?
Who owns security responsibilities?