Cybersecurity – a vital part of your company’s safety culture

By Kristin Demoranville 

Incorporating safety programs into an organization’s culture is paramount in the food industry, where the integrity of the food supply chain is critical. Different safety program cultures, such as fire safety, food safety, and cybersecurity, must work together and be ingrained into an organization’s daily operations. 

In today’s world, integrating cybersecurity programs into an organization’s safety culture is equally important as fire and food safety programs. Fire safety culture is an excellent example of cultural training in practice. After all, most of us recall the familiar phrase “stop, drop, and roll.“ While the exact words may differ across countries and languages, it is a simple, memorable method for extinguishing a fire on oneself. Fire safety also isn’t just about preventing fires but aims to minimize damage to property and life through practicing fire drills, installing smoke detectors, and using fire-resistant materials.  

Proactive cybersecurity involves planning to prevent cyber-attacks and their impact on the food supply chain’s safety and security.

Similarly, proactive food safety practices involve measures to prevent contamination, such as proper sanitation, food storage, and regular equipment maintenance. Likewise, the growing dependence on technology in the food industry has made it indispensable to any food plant’s safety program. Computers are now integral to the food industry. They control everything from ingredient mixing to cold storage, drone use, supply chain logistics, and more, and unfortunately, these systems are susceptible to cyber–attacks. In 2021, a ransomware cyber-attack on a milk distribution company in Wisconsin, USA, caused a large milk processor to shut down a plant and dispose of their expensive product.  

Cybersecurity incidents can significantly affect an organization’s reputation and finances and even result in loss of life. Proactive cybersecurity involves planning to prevent cyber-attacks and their impact on the food supply chain’s safety and security. It also incorporates cybersecurity measures and education into the food safety and security strategy. Effective collaboration between the food safety, IT, and security teams is crucial for achieving a unified culture. Cross-organizational collaboration ensures that suitable cybersecurity measures are integrated into the overarching strategy, which prevents cyber-attacks from jeopardizing the integrity of the food supply chain.

As you integrate cybersecurity programs into your organization’s culture, consider the following simple checklist of action items: 

• Cybersecurity: Identify potential threats and develop a plan to counteract them. Regular risk assessments are vital to identifying potential cybersecurity issues. Implement measures to mitigate problems, invest in appropriate cybersecurity controls, and restrict computer system access. Consistent sector-specific cybersecurity training for employees will also help embed these considerations into the company’s culture.
  
  
• Communication and collaboration between different teams: Effective cooperation between the food safety, IT, and security teams is essential for achieving an integrated culture. Regular meetings and touchpoints increase awareness of potential threats and ensure that teams work together to prevent them. Working together is the best resiliency strategy for people and processes.
  Unlock your FREE access to premium food safety resources NOW!
  
• Business Continuity Plans (BCPs): Invest in preventive measures and establish a plan to respond quickly and efficiently during a cybersecurity-related crisis. Food safety practices involve implementing measures to prevent contamination and enable a swift response to potential outbreaks – cybersecurity should follow suit. Investing in appropriate preventive measures and cyber-physical security controls is crucial. Creating a cybersecurity-focused BCP involves three fundamental steps to ensure organizations can effectively respond to crises.

• First, conduct a risk assessment and analysis to identify critical assets, assess potential threats and vulnerabilities, and evaluate their potential impact on the organization.
• Second, develop and implement preventive and mitigation strategies, including cybersecurity controls, procedures for containment and recovery, and incident response and communication plans.
• Finally, test, review, and update the BCP regularly while training employees on their roles and responsibilities during a cybersecurity incident. By following these steps, organizations can establish an effective BCP to minimize disruptions and mitigate damage during cybersecurity crises. 

In conclusion, cultural integration is essential for ensuring the safety and security of the food supply chain. Accomplishing an integrated food resiliency culture necessitates investing in preventive measures, an efficient plan for rapid and effective response, education, and collaboration between different teams. 

Like the fire safety mantra of “stop, drop, and roll,” during a cyberattack, one should “stop, report, and mitigate.”  Create a memorable method for dealing with a cyber-incident and make it common knowledge. 

Stop:  Immediately cease any activity that may exacerbate the situation or compromise the system’s security. In cybersecurity, “stop” means recognizing when a potential cyber threat or attack is occurring and taking immediate action to prevent further damage. This may include disconnecting the affected device from the network, stopping any ongoing processes, or refraining from clicking on suspicious links.

Report:  Promptly notify the appropriate parties, such as the IT or security teams, of the suspected threat or cyber-attack to initiate a rapid response. “Report” emphasizes the importance of communication when a cybersecurity incident occurs. Employees should be encouraged to report suspicious activity or potential cyber threats to their IT or security teams without fear of repercussions. Timely reporting can minimize damage and speed up the recovery process.

Mitigate:  Implement measures to contain the impact of the threat or attack and initiate recovery procedures to restore normal operations as soon as possible. “Mitigate” refers to taking action to minimize the damage caused by a cyber threat or attack and to prevent its spread. This may involve isolating affected systems, removing malware, patching vulnerabilities, or initiating a business continuity plan to ensure minimal disruption to the organization’s operations. 

By investing in these action items, the food industry can minimize potential threats and ensure the safety and security of food for the public. 
Stay ahead with the latest in Food Safety! Free subscription, unlimited access. Sign up now!

About the Author:

Kristin Demoranville is the Founder and CEO of AnzenSage, a cybersecurity resilience firm specializing in the food sector. She holds a B.S. in Environmental Management and has 25 years of experience in technology and cybersecurity. Her unique blend of operational technology, cybersecurity, and risk management knowledge equips her to address the food industry’s distinct challenges.