Feature

Modern supply chains open up cyber weak spots

The investment in digital tech and the quest for efficiencies in production and distribution can present opportunities for hackers, Simon Creasey reports.

What do Arizona Beverages, Coca-Cola FEMSA, Molson Coors and Damm have in common? All of these drinks companies have been the subject of cyberattacks in recent years, which have caused varying degrees of business disruption. 

Some, like Arizona Beverages, were hit by ransomware attacks, which wiped hundreds of the company’s computers and servers and effectively shut down the business’s sales operations for a number of days, according to media reports. Others – like Molson Coors and Damm – were forced to halt production due to unspecified cybersecurity incidents.

These incidents are by no means isolated examples. They’re the ones that became public knowledge. According to data produced by cybersecurity business Armis, in 2023 cyberattack events increased by 104% globally and manufacturing was one of the most at-risk industries, with attacks rising 165% (the company doesn’t track specific figures relating to drinks manufacturers). 

As well as the volume of attacks against manufacturers increasing, experts say cybercriminals are becoming more sophisticated in the way they conduct them. Rather than targeting manufacturers directly, they say, hackers will look for weak points in a company’s supply chain.

The perils of digitalisation

One of the main reasons drinks manufacturers have found themselves targeted by cybercriminals is that many of them have undertaken digital transformation programmes.

The implementation of more automation and smart technologies across their production processes and their supply chains has in turn created new opportunities for cybercriminals, says Kristin Demoranville, CEO at cybersecurity consultancy AnzenSage. 

“These days, systems aren’t just physical anymore; they’re cyber-physical with internet capabilities,” she explains. “You can push a button or pull a lever but you can do the same with your smart device. Cybersecurity isn’t just about the digital space; it’s also about protecting the physical security of these environments.” 

Demoranville says the attack on Molson Coors, which took place in March 2021, highlights “how interconnected our systems are and why drinks companies need robust cybersecurity measures to handle both digital and physical threats”.

In addition to the higher levels of automation, drinks manufacturers are considered part of critical national infrastructure, which makes them increasingly attractive targets for nation-state attackers as well as cybercriminals. 

“We’ve seen this during the war in Ukraine, where cyberattacks targeted various sectors, including food and beverage, to disrupt supply chains and create instability,” says Demoranville. “Food safety also comes into play; if attackers can compromise the integrity of beverages, it can have profound public health implications.” 

Manufacturing and distribution pinchpoints

The sector’s heavy reliance on just-in-time manufacturing and distribution is another potential hindrance and vulnerability, according to Demoranville.

“They [drinks manufacturers] don’t keep extensive inventories on hand; they get materials as needed. While this is efficient, it also makes them extremely sensitive to disruptions. Cybercriminals know that a successful attack can halt production, leading to significant financial losses, which creates a strong incentive for companies to pay ransom quickly.” 

Carlos Buenano, CTO of operational technology at Armis, agrees. “They [drinks companies] often run [production] 24/7, with potentially catastrophic effects if the production chain is disrupted. Additionally, these companies have a complex supply chain, making them susceptible to supply chain attacks.” 

According to cybersecurity experts, the supply chain is a major and growing area of vulnerability for drinks manufacturers, with many companies relying on a broad network of suppliers and logistics providers. It only takes one of those suppliers to have weak cybersecurity protocols in place to jeopardise the whole supply chain, cautions Demoranville.

“In logistics, we’re leaning heavily on digital systems nowadays,” she continues. “IoT devices and automated inventory systems make things efficient but also open up new vulnerabilities. If these aren’t properly secured, a cyberattack could throw a wrench in the whole operation, causing major disruptions. Distribution networks are another critical area. They’re all about interconnected systems for tracking and delivery. If there’s a weak spot anywhere, it can mess up the entire flow of goods to market, leading to financial hits and hurting the company’s reputation.” 

The problem is that the larger the supply chain, the greater the chance of weaknesses occurring. These weaknesses can be multiple and varied, says Rich Jackson, strategic business manager at Moore ClearComm, the cyber and data protection division of accountancy firm Moore Kingston Smith.

“Common weaknesses include the use of unsupported, unpatched, and poorly configured systems, software and IoT devices, along with a dependency on third parties that lack robust cybersecurity practices which exacerbates the risks,” he explains. 

It is therefore vital that manufacturers secure their supply chains, ensure suppliers adhere to strict cybersecurity standards and conduct regular audits.

“A simple first step could be implementing a cybersecurity checklist for suppliers to ensure they meet your security requirements before continuing business,” says Demoranville.

Be more proactive

To understand the risks they face, manufacturers also need to have full visibility across their entire network.  

“Network segmentation should be put in place to restrict unnecessary connectivity and the movement of malware in order to mitigate the impact of cyberattacks,” advises Andrew Lintell, general manager in the EMEA region at industrial cybersecurity company Claroty. “The situation is also exacerbated with some food and drink organisations not having effective vulnerability management strategies in place. A quarter of food and beverage organisations admitted that they only assess security flaws reactively or not at all. It’s no good trying to fix an IoT device’s vulnerabilities once they have already been exploited by cyber criminals and it is even worse if there’s no attempt at all.”

To minimise the future risk of cyberattacks, Trevor Dearing, director of critical infrastructure at US data and cloud-computing security company Illumio, says drinks manufacturers must adopt a “break glass” style response time to incidents, with extra protection given to critical systems so that attacks can be stopped before they impact business operations.

“The most effective way to implement this is through ‘zero trust’ – a security model that works on the principle of least-privilege access,” says Dearing. “IT teams can control how systems communicate, meaning an attack can be contained and production secured. Also, by having tight controls around access, it makes it harder for criminals to infiltrate and spread inside the network.” 

By taking a more proactive stance to risk management, drinks manufacturers can stay ahead of emerging threats and safeguard their critical assets to minimise disruption and downtime. 

“Every asset – from sensors to security cameras – must be discovered and identified, threats, vulnerabilities and risks must be protected, and findings must be effectively managed,” says Armis’s Buenano. 

Manufacturers also need to realise that, when it comes to making sure their supply chains can withstand even the most sophisticated of attacks, it is not just about the technology they use.  

“It’s about people, processes and having robust plans and agreements in place to manage all these risks,” says Demoranville. “By integrating cybersecurity into the existing food safety culture and taking these practical steps, drinks companies can strengthen their defence against potential threats.” 

As data from the likes of Armis shows, it is clear that drinks manufacturers need to take the threat of cybercrime seriously. 

Just last month, California-based Crimson Wine Group was the victim of a cyberattack by the ransomware group Abyss. The attack resulted in a significant data breach, with approximately one terabyte of sensitive information being compromised.  

The company’s operations were disrupted by the breach, as it was forced to shut down certain systems and isolate its functions from the internet. 

It is the continuation of a worrying trend, with industrial cybersecurity company Dragos tracking seven ransomware incidents relating to food and beverage companies in the first quarter of this year.

As these numbers highlight, the cybersecurity threat faced by drinks manufacturers is unlikely to go away any time soon.