JBS, one of the world’s largest meat companies, had poor cybersecurity measures in place prior to the ransomware attack it experienced in May 2021, according to BitSight, a cybersecurity risk management firm. The attack, perpetrated by the Russian hacker group REvil, disrupted JBS’s operations worldwide and concluded with the company paying an $11 million ransom.
Cybersecurity experts have highlighted that JBS’s level of protection against cyberattacks was inadequate compared to other companies in the food production sector. The attack on JBS exemplifies the vulnerability of the entire industry to such cyber threats, which occur quietly and frequently, according to John Hoffman, a senior research fellow at the Food Protection and Defense Institute at the University of Minnesota.
Investigative reports obtained by Investigate Midwest reveal that BitSight informed national security officials that JBS had numerous issues with its computer system. In an email, BitSight Vice President Jake Olcott stated that JBS’s “overall rating was poor and outside the typical range for Food Production companies” and that there’s been an observation of a “massive number of malware infections on JBS over the last year (including Conficker).”
The Federal Bureau of Investigation (FBI) issued a warning to food and agriculture companies in 2021, alerting them to the increased cyberattack risks faced by the sector.
“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems,” the FBI warned.
According to Hoffman, the main obstacle to improving cybersecurity in the food industry is cost. Implementing stronger security measures requires substantial investments, and there needs to be a tangible return on investment to approve such expenditures, Hoffman said.
These revelations about JBS’s inadequate cybersecurity measures and the subsequent ransomware attack highlight the urgent need for stronger protection and improved cybersecurity practices in the food and agriculture industry.