Ransomware and phishing attacks are no longer limited to cybersecurity companies. Back in May, a sophisticated ransomware attack managed to bring down JBS – the world’s largest meat supplier by sales temporarily shutting down plants that processed one-fifth of the United States’ meat supply. Unable to resolve the problem, JBS eventually paid $11 million in Bitcoin as to not cause further disruptions to the restaurants, farmers and grocery stores that they serve.
In an interview with the Wall Street Journal, Andre Nogueira, chief executive of Brazilian meat company JBS SA’s U.S. division explained, “It was very painful to pay the criminals, but we did the right thing for our customers.”
JBS may be the latest ransomware attack in the food industry – but experts do not think it will be the last. Meat processing plants may be the ideal targets for hackers as they often have outdated software and laxed cybersecurity.
According to John Hoffman, a senior research fellow at the Food Protection and Defense Institute at the University of Minnesota – executives in the food industry have begun to take notice. In an interview with NPR, Hoffman explains - "People just didn't accept that it was that big of a risk," he says. "I think that's changed today. I've already heard from folks in government [that] it's changed. People are looking at this and saying, 'OK, we've got to do something.' "
It doesn’t help that there are only four major players in the meat production industry including JBS. The New York Times wrote an article entitled, The Food Chain’s Weakest Link: Slaughterhouses in which they sited that just 50 processing factories account for 98% of the beef industry in the United States, according to a beef analyst, Cassandra Fish. The article written by Michael Corkery and David Yaffe-Bellany explain that even if just one meat processing plant is closed temporarily due to the coronavirus – the country could face months of shortages.
Even though Covid-19 transmissions are at an all time low due to widespread vaccinations – it doesn’t mean that meat industry’s supply chain is in the clear. Should another ransomware attack hit a major player in the meat industry – major disruptions could occur. "When you have only a few firms, in this critical midstream part of the supply chain — processing, manufacturing — the supply chain becomes very unstable. It lacks resiliency and is very subject to shocks to the system," Diana Moss, president of the American Antitrust Institute said to NPR.
JBS’ ransomware attack brings to light the need for the food industry to address cybersecurity concerns. The USDA is currently investing $55.2 million in grants to small and medium-size meat processing companies. “Through MPIRG, meat and poultry slaughter and processing facilities can cover the costs for necessary improvements to achieve a Federal Grant of Inspection under the Federal Meat Inspection Act or the Poultry Products Inspection Act, or to operate under a state’s Cooperative Interstate Shipment program,” Secretary Tom Vilsack said in a press release issued at the end of June.