Digitalisation is a huge step in foodservice, driven especially by increased reliance on online delivery, as many consumers continue to dine at home. In fact, according to GlobalData’s Q1 2022 survey, the majority of global consumers claim to be concerned about eating out at restaurants because of the Covid-19 risk. As operators continue to incorporate the Internet of Things (IoT) and Cloud technology to increase efficiency in their digital supply chain, it also increases the risk of company breach, as it exposes more opportunities for human error and inadvertent security holes.
In general, foodservice providers understand the importance of cybersecurity but do not invest in the trend regularly enough. The nature of cyber-crime means that new cyber threats are constantly evolving, and therefore difficult to protect against without significant investments. In the past year, the foodservice industry has witnessed a series of cyberattacks, including the international fast-food brand, McDonald’s, which was hacked for 500GB of data by Russian-based group Snatch, after which other foodservice providers quickly put their shields up.
As restaurants’ systems transform digitally, new components to systems make the operator more vulnerable to cyberattacks than they may be aware of, and restaurants must stay informed of the security risks. Cybercriminals’ main goal is to gain access to the restaurant’s customer relationship management (CRM) software data by installing malware on a restaurant’s point of sale (POS) system. That gives the bad agents access to customers’ full data, including credit card details, addresses and personal numbers. Other targets include Wi-Fi access, phishing attacks on employees by revealing their network login credentials, or other sensitive data.
Cybersecurity solutions providers are responding to the changing landscape and are continuously developing innovative solutions and technologies to keep up with cybercriminals’ advances. Cyber-aware organisations in foodservice must adopt cybersecurity measures that allow them to be resilient, vigilant and secure, that keep their employees and partners identified and trusted, and that allow the organisation to remain risk-aware. In general, organisations fail to understand the landscape they are trying to defend. Consequently, defensive decisions aren’t taken and actions are not prioritised, leaving enterprises open to compromise.
It is highly recommended to reach out to a post-breach consultant, such as Accenture, IBM, KPMG and PwC, in an event of this nature. Post-breach consultants focus on gathering information about the cyber breach as quickly as possible; by formulating a credible PR strategy, the company is able to demonstrate that management is still in control of the business and has taken all actions possible to protect critical digital assets. All organisations should have a disaster recovery plan in place that has been tried and tested. Post-breach is not the time to bring out your brand-spanking new plan if it hasn’t been rigorously tested.
Cybersecurity is now a mission-critical business risk, not just a technology problem. Breaches are inevitable because CEOs are not sufficiently trained in this risk area as they are in other business risks. No CEO can afford to be blasé about cybersecurity. Because of the multi-jurisdictional nature of the problem, law enforcement agencies are doing little to address the growing threat of cyberattacks. In response, governments need to impose credible deterrents and hackers need to know they could be punished. Yet this is unlikely to be properly enforceable for several years. As restaurants continue to digitalise and automate their operations, ransomware will grow into a major threat.