Ransomware attacks putting supply chain at stake

Curbing ransomware risks in the food industry

Once again, as in preceding years, the threat of ransomware continues to loom large in the rear-view mirrors of CEOs globally, with a spate of attacks having occurred in the first weeks of 2022. The most recent attack was on KP Snacks, a 169-year-old FMCG company in the UK. The attack has compromised the company's IT systems and, as a result, it is currently unable to safely process orders or dispatch goods.

The company appears to have carried out the correct incident response actions: it has enacted its cybersecurity response plan, engaged the assistance of a third-party digital forensics firm, liaised with its legal advisors, and communicated the situation to relevant stakeholders, including its suppliers and the wider public.

They have entered the initial containment phase of the ransomware response playbook, where they will scope out to what extent the malware has impacted systems, identities, and data. From there, the process involves isolating affected networks, reducing the ability of the malware to spread through internal systems, and locking down relevant accounts. They will then move to the eradication phase, which involves sanitising systems to ensure there are no remnants of the malware, resetting relevant credentials, running system scans, and reviewing logs for root cause remediation. Finally, they will move to the recovery phase, where the sanitised or newly commissioned systems will be brought online on a clean network, applications will be reinstalled, compromised data will be restored to its last known good state, and the production network will slowly be brought back online in a staggered and controlled way, all the while with extensive monitoring and scanning in place. KP Snacks have rightly set stakeholder expectations with a potential recovery time of several weeks, as they recognize these steps will need to be done in a sequential and careful manner.