Wisconsin is a food processing powerhouse. And that critical infrastructure makes the Badger State vulnerable to cyberattacks, according to Jen Pino-Gallagher of M3 Insurance.
Pino-Gallagher is the director of agriculture, food and business at M3. She says any operations with internet, email or software, then essentially those businesses are at risk. Hackers target food processors to steal data, company information or even shut down the operation in order to get money, she explains.
And these hackers are professional, Pino-Gallagher emphasizes. Hackers are highly organized, business-like organizations. The revenue is what is stolen from attacks, such as ransom, embezzlement or data sales. Unfortunately, she says cybercrimes of all types are on the rise, increasing 600 percent as a result of the pandemic, due to people working remotely. 2022 is expected to be another record-breaking year for cyberattacks.
She says companies of all sizes are at risk of cyberattacks. There’s also been highly publicized attacks of large food systems, such as an Iowa grain cooperative, Colonial Pipeline and JBS Foods USA.
In June 2021, JBS, whose plants process about one-fifth of the nation’s meat supply, paid a ransom of $11 million in Bitcoin after it suffered a ransomware attack, which the FBI attributed to the criminal ransomware gang REvil or Sodinokibi, according to the Congressional report. The attackers gained access to an old network administrator account that had not been deactivated and was protected only by a weak password. The attack on JBS caused the company’s plants to temporarily shut down.
JBS told a Congressional committee that it paid the ransom to prevent having to rebuild its system, fill customer and employee obligations, and process meat carcasses in its facilities, totaling tens of millions of carcasses per day.
As a result of this incident and others within the food industry, the FBI released an advisory, encouraging the supply chain to take action against cyberattacks. Pino-Gallagher says there’s many steps companies can take to prevent attacks: make cybersecurity a company priority, such as training employees; installing multi-factor authentication; and creating a company response plan.
Need resources for pursuing these options? Pino-Gallagher says you can reach out to the state Department of Justice and your trusted advisors, such as your insurance agency, your accounting firm or your bank.