As the lines between digital and physical continue to blur especially amid the Covid-19 pandemic, contactless payments and digital transactions have become the new norm. A report published by IBEF said that the Indian e-commerce market is growing at a steady pace and is expected to be valued at $200 Bn by the year 2026. In the same report, it was stated that internet users in the country will increase to 829 Mn by the year 2021. If that sounds promising, there’s a bigger threat lurking around that requires immediate attention – cyber-security.
The food industry’s future is uncertain. Restaurants and food companies, food manufacturers, farmers, and producers who survived the 2020 and 2021 lockdowns are entering a new era. Some competition has been eliminated, new competitors are entering the market, and consumer tastes and habits have shifted.
The food industry is more complicated than most people realise. Its diverse industries include biotechnology, agriculture, manufacturing, logistics, and retail. All of these industries must collaborate safely in order for the overall process to result in sustenance for the public.
While the larger food industry is massive – a multi-trillion dollar sector — food makers are quite often in tiny businesses. Three-quarters of the industry is made up of businesses with less than 20 employees.
Insecure food firms might expose themselves to a broader range of dangers, such as resource hijacking for other cyber-attacks, destroying equipment to cease production, customer or business data theft, ransomware attacks, and others. The inherent dangers of perishable goods can jeopardise human health and safety.
A New World of Food Industry Threats and breach
The food industry has its share of intrigue. And as the food industry grows more digital, so do the threats. Food processing is attractive as a target for ransomware. This is partly because of the short shelf-life of food, and partly because of the damage to a business’ name. If buyers are uncertain about the safety of food products, the business could be damaged in a big way. It’s also true that food companies tend to have lower margins and therefore less financial cushion against costly attacks and fewer budgets for costly security staff.
Data, the valuable asset of the information age, is tricky to hold and even more strenuous to guard. With the data breaches in 2020 and 2021 in India has increased by 37% compared to the first quarter of 2019, the Techworld gapes with a staunch dilemma when the fraudsters feed on their databases slowly.
The minimum total cost of the leaks in India reached up to Rs. 14 crore in 2020 as reported by IBM study. This statistic puts India as one of the top countries in cybercrime. The Work From Home (WFH) scenario has led to a massive digital shift. According to a digital monitoring firm, 15 billion credentials are up for sale with the close of the pandemic spawned lockdown.
Case study
Big Basket
The e-grocery BigBasket data leak is believed to be the biggest loot in Indian cyberspace. A global security firm reported that the information of 20 million user accounts in the cybercrime market. The breach manifested on October 30th, 2020, and was soon put on sale for 3 million rupees. The news was confirmed only by November 7th when the company agreed to the leak.
BigBasket database of over 20 million customers has allegedly been leaked on the dark Web, months after the online grocery delivery platform confirmed a data breach. The alleged database includes the email addresses, phone numbers, and hashed passwords of the affected customers. The data also allegedly carries physical addresses and date of birth of BigBasket users. Although the database that is available for free access on the dark Web includes user passwords in an encrypted form, another hacker has claimed to have decrypted some of the leaked passwords.
The alleged BigBasket database has been put on the dark Web by a hacker group infamously known as ShinyHunters. It includes details such as the email addresses, names, date of birth, and phone numbers.
Haldiram
Haldiram Snacks Pvt Ltd. suffered a major breach issue that shook users. Haldiram’s witnessed a ransomware attack by hackers who encrypted all its files, data, applications, and systems. The hackers had demanded a ransom of $7, 50,000 for giving access to the stolen data.
The mithai and snack maker filed a complaint to the cyber cell and it was found out that the server was hacked and hit by malware popularly called Ransomware.
Restaurant chain Mithaas
Cybercriminals also hacked data of restaurant chain Mithaas with ransomware, with Noida police launching a probe into the matter. The case came within a fortnight of a similar incident with Haldiram’s, whose servers were also attacked with ransomware, a virus used to encrypt data by hackers who then demand a ransom to decrypt it.
The hacking and ransomware implant at Mithaas server took place in the afternoon due to which all data was encrypted in a particular format due to which complete data became useless with a ransomware screen in front which asked to contact them for further information of recovery.
The company, which runs outlets in Noida, Greater Noida, Ghaziabad, and Meerut, said it has been provided a recovery link and the compromised system is located at their office in the industrial Sector 63 in Noida.
Dominos
Pizza delivery service Dominos India is the latest victim of a massive data breach that exposed order details of 18 crore Pizza orders made via the service. The data breach, first spotted by an Internet Security Researcher includes 130TB of employee data files and customer details.
The attackers who are responsible for the breach also created a webpage on the dark web that pulls the data for any of the leaked order details simply by searching for a phone number or an email address. The data now appears to be publicly available and anyone can search for it easily. It no longer requires a browser like Tor or Onion.
Any user who has ordered from Dominos India via a phone call using their phone number or email ID could have been affected by the leak. The leaked information included the details of some transactions which revealed the order delivery address, the date, the name, phone number, and email ID of the customer, precise latitude and longitude coordinates of the address, total number of transactions, and the total amount spent on transactions in rupees.
Data Breach Attack on Dunzo
In July 2020, Dunzo, a Google-owned on-demand delivery startup, officially confessed that it had suffered a data breach attack. The attack exposed user email addresses and phone numbers. However, according to the company’s CTO, no transactional payment details were leaked.
Juspay Cyber Attack
Even payment processing companies have fallen prey to such attacks on multiple occasions. In August 2020, Juspay’s payment servers were accessed in an unauthorized manner. As a result, 100 million users’ data was leaked on the dark web. The data included names, mobile numbers, and email addresses of the cardholders, along with the first and last digits of cards.
Amazon India, Flipkart, Swiggy, and other e-commerce platforms were in collaboration with Juspay for payment transactions. According to Amazon, no after-effects of the breach were reflected on their platform.
Dire situation – Recurring cases of the data breach
The situation in India, with relevant requirements of online data but without adequate rules and regulations to check, is cumbersome for the country as a whole. Indian Cyber-law only a single act in-store, the Information Technology act of 2000, that defines cybersecurity only as lip service to the cybersecurity legal framework.
The situation in Indian cyberspace is worsening as we ponder on the topic of data breach matters in India. Yet, stringent laws, cybersecurity awareness, and acknowledgment of victimization by various malicious activities can curb the condition. It is high time to act for safety and privacy because, honestly as spoken by researchers, there is nothing the user can do once the data is out.
IoT Security in the Food Industry is Changing Fast
Every recipe has a history, like the memories and enjoy your family might find during a meal. For IoT security in the food industry, the pandemic drove many changes. For example, it sped up the adoption of automation to minimize workers packed together in processing plants.
The pandemic also required many workers in the food industry to work remotely, further expanding the attack surface. Those create problems with IoT security and other aspects of keeping threat actors out.
Many parts of this complex chain have embraced IoT security. In food processing and manufacturing, companies are melding information technology with operational technology — the IT/OT convergence. IoT devices are beneficial to farming, shipping, manufacturing, and retail.
Restaurants felt one of the biggest impacts in the food industry. They were already open to attack because they use a large number of suppliers, partners, and vendors and tend to have high employee turnover. While people still kept eating and drinking during the pandemic, they weren’t able to do so indoors. The restaurant industry got creative, offering home delivery, curbside pickup, and other innovations. These changes involved a huge shift to internet-based or app-based digital payments, over in-store payments via credit card or cash. The old credit-card-in-the-vinyl-folder system for payments in American restaurants was never secure. But at least only local and known attackers (usually rogue employees) could use it. Online payments open up restaurant attacks to the entire world.
Many restaurants are embracing cloud data services, which can be more secure. However, they may not be investing in the expertise for managing cloud data security.
The longer-term trends in how food is produced also drive the recent change. Precision agriculture is the farming equivalent of enterprise digital transformation. The precision agriculture revolution brings together satellite data, IoT-based sensor data, mobile apps, GPS, drones and the cloud to lower costs, improve yields and drive efficiency.
What do all these changes have in common? They all involve an increase in the attack surface. IoT security needs to grow at the same rate.
The Trouble with Food Manufacturing Cybersecurity
In the world of manufacturing, generally, the most critical point of risk often comes at the level of the industrial control systems (ICS). This is where both manufacturing data breaches and shutdowns can occur.
One reason food processing is a target is because of outdated legacy ICS. Another problem is that managers often leave these systems to people who are experts in food manufacturing, but not in cybersecurity. Incorrect or lackluster software and firmware patching can cause openings in ICS systems, leading to zero-day holes just waiting for an attacker to come along and exploit them.
Food can go bad and needs to be cooled or handled in special ways. Because of this, the entire chain needs to proceed quickly and without interruption. Production and manufacturing shutdowns can damage or destroy the business, ruin the product and make it unsafe for consumers. That harms cascades down to partners and suppliers.
New Tech Demands a New Emphasis on Safety
So, how do you update your IoT security in the food industry? Here’s the recipe:
- Conduct end-to-end cyber risk assessments, looking for systems that need to be updated regularly and making sure those updates happen.
- Connect and encourage openness between ops and IT to make sure everyone is on the same page.
- Boost cybersecurity awareness training for all processing and operations staff.
- Review all systems that attackers could access remotely and make sure they have security protocols.
- Create or update your incident response plan.
- Review who has access and what the nature of that access is. Limit write access to only those who need it. Remove access altogether for anyone who doesn’t need it.
- Shut down connection points when no one is using them.
- Move away from legacy equipment with unchangeable passwords. Use good password management for the remaining systems.
- Acquire the expertise you need based on your actual platforms and systems. This is especially true when using the cloud.
- Embrace the right security tools, leveraging automation and intelligence, for your industry and needs.
- Make sure you can update all IoT tools and all software and keep them up to date.
Epilogue
What if you were confronted with a pretty straightforward question, say something like this- were 2020 a dark year only for the pandemic and the many many lives that were lost due to the COVID 19 virus? What would your response be to such a probing statement, a rather befuddling point?
Turns out, given the rising rate of cyber-crimes, 2020 wasn’t just a bad year owing to the COVID 19 pandemic and the irreparable damage it caused that led to hundreds of thousands of lives lost, all across the world.
We are unless you are very much mistaken that you’re living in some ice age where only hunting and eating your prey are the vital activities of life, in very dangerous times. Never before have individuals and businesses been as dependent on the World Wide Web for business activities and transactions as what one finds today.
And in 2020, when much of the world’s active business work had been suspended due to the alarming rise in the COVID 19 cases, the real-time activities shifted base; moving from the physical or tangible to a complete overhaul of operations, shifting completely to the online way of life. And implicit in this change came the potent rise of a threat the world is yet to win the battle against.
The rise of cybercrime -The thing that becomes an unmitigated disaster- cyber-attacks. And 2020 was a particularly dark year concerning Cyber-attacks in India.
How was this and what led to all of this?
India reported the second-highest number of cyber-attacks after Japan in the Asia-Pacific region in 2020, according to the annual IBM X-Force Threat Intelligence Index. According to this report, India accounted for 7 percent of all cyber-attacks observed in Asia in 2020.
The report added, “Finance and insurance was the top attacked industry in India (60 percent), followed by the food industry, manufacturing and professional services.”
Ransomware is the topmost cyber-attack threat comprising 23 percent of the attacks. Sodinokibi (REvil) ransomware alone made minimum profits worth $123 million, as per the IBM report. Besides this, digital currency and server access attacks also affected Indian companies last year.
The above told, what’s rather stunning in not such an uplifting sense of the word is that implicit in the rise of Cyber-attacks in India was a strange development. It concerned cyber-criminals targeting critical components of the vaccine supply chain.
The fact that even relief measures and public health information portals were subjected to spam targeting and malware by cyber-criminals formed a series of harrowing experiences that simply go onto state just how insidious a thing a cyber-attack is and can be.
Now, think for a second about this very troubling fact: that India alone accounted for nearly seven percent of all the Cyber-attacks in all of Asia goes onto suggest what a disaster the bygone year 2020 truly was.
Even as 2020 is now a thing of the past, it truly has taught us about the perils of cyber-crimes. The key question, however, remains- have the key lessons have been learned?