In the previous article (https://www.foodstheword.com/post/cyber-security-and-food-industry), we looked at cyber-attacks and the havoc they inflict on the Food and Beverage Industry. Losses from cyber-attacks have risen sharply in recent years and are expected to keep rising.
So how can the industry keep itself protected from the attacks and the damages caused by these attacks?
1. Cyber Insurance
Cyber-attacks, apart from reputational and data losses, also come with hefty fines, as data privacy laws have become stricter. In the unfortunate event of an attack, cyber insurance can cover much of the resulting cost. While general insurance covers accidental damage and property damage, cyber insurance covers the organization's liability and losses arising from a cyber-attack. With the large shift towards remote working and the heavy dependence on technology to keep the business running, cyber insurance has become a critical part of the risk management process of the Food and Beverage Industry.
Cyber-insurance helps cover the following costs:
- Cybercrime investigation cost
- The cost of recovering the data lost in a breach
- Cost involved in invoking and running the business continuity plan (BCP)
- Business interruption losses while systems are shut down
- In the event of a GDPR breach, the cost of legal defense
- The cost of notifying affected third parties (customers, partners, regulators) where notification is required
- Regulatory fines, to the extent the policy and local law allow them to be insured
Depending on the size of the organization and the amount of personally identifiable information (PII) or protected health information (PHI) it processes, the organization can choose a cyber insurance plan that suits it. Note that insurers increasingly require baseline controls such as multi-factor authentication and tested backups before they will write a policy, and that incidents must be reported to the insurer promptly for a claim to be honoured.
2. Information Security Assessments and Certifications
Many Food and Beverage companies still rely on legacy systems that run on obsolete operating systems like Windows 98. These systems no longer receive security patches from the vendor, and the control software on them often cannot be modified either, so they remain exposed to well-known, easily exploited vulnerabilities. Connecting these legacy systems to IoT devices, or to any network reachable from the internet, is pretty much the equivalent of handing the vault key to the thief; where such a system cannot be replaced, it must at least be isolated from other networks.
A penetration test of both the plant and corporate networks will go a long way in identifying the vulnerabilities that an attacker could actually exploit. Getting the organization certified against a standard like ISO/IEC 27001 (the certifiable standard in the ISO 27000 family) and staying compliant with it can help in managing data risk. ISO/IEC 27001 specifies the requirements for an information security management system (ISMS), which allows companies to manage and ensure the safety and reliability of the information systems processing their data. This comprehensive assessment will give organizations an idea of how well guarded their systems are, what measures would have to be taken to make their information systems more robust and resistant to attack, and how to improve cybersecurity and privacy protection.
Organizations that have outsourced their IT operations to a vendor should make a diligent effort to conduct a third-party risk assessment of that vendor, to ensure it has robust IT security controls in place and that its access to the organization's systems is limited to what the contract actually requires.
3. Raising Awareness
Any successful organizational transformation occurs through People, Process and Technology. Employees make the company, and making them aware of the rising risks behind data breaches and cautious about what they click and share goes a long way in keeping them safe from social engineering attacks like phishing. Conducting regular mandatory training sessions and encouraging employees to report anything out of the ordinary, without fear of blame, helps nip incidents in the bud.
Further, simple measures like implementing multi-factor authentication for critical systems, requiring a password change whenever a password is suspected to be compromised (current guidance such as NIST SP 800-63B advises against forcing routine periodic changes, which tend to produce weaker, predictable passwords), checking that security patches are being applied on schedule, flagging situations where something has been missed and taking appropriate measures to address them can help ensure a cyber safe work environment.
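The multi-factor authentication mentioned above is most often implemented with time-based one-time passwords (TOTP, RFC 6238) from an authenticator app. The following is an added example, not code from the original article, showing the server-side half of that check: how a code is derived from the shared secret and the current time, and the two details a practitioner must get right, namely tolerating small clock skew and never accepting the same code twice. The secret used here is the published RFC 4226/6238 reference key, chosen so the output can be checked against the RFC test vectors; a real deployment generates a random secret per user and stores it encrypted.

```python
import hashlib
import hmac
import struct

# Constructed demo secret: the RFC 4226/6238 reference key ("12345678901234567890").
# Used only so the codes below match the published test vectors.
DEMO_SECRET = b"12345678901234567890"

STEP_SECONDS = 30   # RFC 6238 default time step
DIGITS = 6          # what most authenticator apps display


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of elapsed time steps."""
    return hotp(secret, at_unix_time // step)


class TotpVerifier:
    """Server-side verifier for one user: skew window plus replay protection."""

    def __init__(self, secret: bytes, skew_steps: int = 1):
        self.secret = secret
        self.skew_steps = skew_steps        # accept codes from +/- this many 30 s steps
        self.last_accepted_counter = -1     # would be persisted per user in a real system

    def verify(self, submitted_code: str, at_unix_time: int) -> bool:
        current = at_unix_time // STEP_SECONDS
        for counter in range(current - self.skew_steps, current + self.skew_steps + 1):
            # One-time means one-time: reject any step at or before the last accepted one,
            # which also defeats an attacker replaying a code they shoulder-surfed.
            if counter <= self.last_accepted_counter:
                continue
            # Constant-time comparison so the check itself does not leak the code.
            if hmac.compare_digest(hotp(self.secret, counter), submitted_code):
                self.last_accepted_counter = counter
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(DEMO_SECRET)
    now = 59  # RFC 6238 test vector time: step 1 -> "287082"
    print("code at t=59:", totp(DEMO_SECRET, now))
    print("first use accepted:", verifier.verify("287082", now))
    print("replay rejected:   ", verifier.verify("287082", now))
```

The skew window exists because phones and servers drift by a few seconds; one step either side is enough in practice, and widening it further only gives an attacker more valid codes to guess. The `last_accepted_counter` check is the part most home-grown implementations forget: without it, a code remains valid for the full window and can be replayed.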