Cybersecurity is a top priority for the U.S. meat and poultry industry. The industry recognizes that food supply-chains can be impacted when companies experience an IT or cybersecurity outage. It is our goal to provide the industry with general guidelines and an understanding of cybersecurity risks.
Threat Landscape
A few things are certain about the cyber threat landscape:
- It is growing.
- It is becoming easier to perform more sophisticated attacks.
- The number of attacks has increased.
It’s a bit cliché to say, but it’s not a matter of if you will be compromised; it is a matter of when. Will you be prepared to respond, even a little? Recent projections from the FBI estimate there is a cyber event or incident every 14 seconds, and by the end of the decade it will be every 2 seconds. A vast majority of those incidents will include a ransom demand for your encrypted data and exfiltration of your data. The average ransom paid in 2021 was estimated to be $800,000. The ransom is only one part of the total cost of a cyber incident that includes ransomware. Recovery cost and outage time can be as significant as the ransom itself, or more so.
So now what? What should you do? Many are already doing a lot to protect against cyber incidents, and many more are not. Regardless of whether you are part of the former or the latter, there are fundamental steps you should continue to mature or start taking. First, get an assessment from a third-party firm that does cybersecurity vulnerability assessments. There are many firms that perform this work and do it well. Next, build a roadmap of steps to take to improve. Some things will be easier than others; some will take longer than others.
Good fundamental information technology management is one of the best ways to minimize the impact of cyber incidents. There is no finish line when maturing your ability to protect and secure your organization, but there is a starting line. Get past it and start moving.
The Fundamentals are Key
Meat Institute members have access to industry best practices and guidelines to help mature their cybersecurity programs and to assess cybersecurity risks within their facilities. We provide webinars for members, access to CISOs and security leaders, and thoughts on controls that can be implemented to reduce risk.
The following resources have been made publicly available to assist the entire industry in our shared goal to build resiliency and protect the food supply-chain.
Recommended minimum baseline controls:
- Backup/Restore – Critical business assets should be backed up and successfully restored in a timely manner. Backup infrastructure and backups are protected against modification or loss. Restoration of backups is tested on a regular basis.
- Vulnerability Management / Patching – Understand your assets (internal and external) and scan them for vulnerabilities. Vulnerabilities can include software, hardware, or configuration issues. Identify exploitable weaknesses and implement a program to remediate vulnerabilities based on criticality. Eliminate technical debt and end-of-life environments.
- Visibility, Segmentation, & Logging – Understand assets and their criticality within your environment. Ensure network segmentation between assets using network VLAN and firewall technologies to protect data transfers and eliminate threat actors' ability to move laterally on the network. Restrict how assets talk on the network. Gather and analyze critical logs and events from endpoints, network, and other assets.
- Email / Web protections – Set up domain protections to protect your own email and web domains from lookalikes, hijacking, and spoofing. Configure your email system to evaluate SPF, DMARC, and DKIM protections to mitigate risks. Use a secure email gateway to block common threats, spam, and phishing attacks. Configure email and productivity software to block and not open known malicious file extensions and macros by default. Implement web and DNS filtering.
- Incident response / Tabletop Exercises – Create and test playbooks and response plans to handle security incidents. Document decision trees and create a call tree. Define roles and responsibilities during incidents and include legal, comms, and business partners in tabletop exercises.
- Endpoint Security – First line of continuous defense for a company. Detects and remediates unknown, unauthorized, and malicious actions. Implement measures to protect all endpoints, both traditional IT and Operational Technology (OT) assets. Leverage EDR and XDR capabilities over traditional anti-virus/anti-malware solutions.
- Access Management / Local Admin – Enforce a least-privilege mindset as you manage access to data, systems, and applications. Require multi-factor authentication for remote access and access to sensitive data. Change default passwords. Rotate system passwords and do not re-use accounts and passwords. Establish good account hygiene around on-boarding and off-boarding employees and system accounts.
- Awareness – Educate end users on security best practices regularly (monthly). Focus on using strong passwords, social engineering, and phishing topics. Test end users to understand their resiliency and improve your awareness program.
Related Materials
Information Security Controls: Recommended Baselines and Objectives
June 26, 2022
A robust cybersecurity program helps organizations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function effectively. Experts from NAMI’s Cybersecurity Committee have joined to share their collective recommended practices to help the industry protect itself from disruption caused by cyber-attacks. The webinar serves as a baseline for continued education on specific cybersecurity elements and includes pro tips on various topics, including backup/restore, incident response, vulnerability management, endpoint security, access management, and more.
Cyber Attacks: Steps for Immediate Response
March 30, 2022
With world news sources citing increased risk of cyber attacks due to Russian conflict, among other factors, now more than ever businesses should be prepared in the event they are targeted. Careful planning and mitigation strategies are key, but what are the immediate steps to take if you fall victim to an attack? This webinar, with cybersecurity experts from within our own industry, addresses the current risks and provides critical information on best practices in responding to a cyber attack.