For the complex, connected networks of manufacturing systems that span the globe, computer viruses can bring business operations to a standstill. 

In 2017, a series of cyberattacks using the Petya malware infected thousands of servers and tens of thousands of laptops belonging to Mondelēz International hit production and cost nearly $200m in damages. In January this year, US wine producer Crimson Wine Group reported a cybersecurity breach involving hackers who had extracted potentially sensitive data. 

Attacks are on the rise. According to one report, global cyberattacks more than doubled in 2023, with manufacturing found to be the second most at-risk industry, having faced a 165% increase from the previous year. 

During the third quarter of 2023, food and drink manufacturers in particular were the most targeted sub-sector of the manufacturing industry, according to research by cybersecurity firm Dragos.

“The manufacturing industry is a prime target for cyber attackers, who are increasingly using multi-faceted extortion and espionage tactics to gain access to sensitive data and disrupt operations,” Vinod D’Souza, head of manufacturing and industry at the office of the chief information security officer for Google Cloud, tells Just Drinks.

“Additionally, legacy operational technology (OT) systems could be exploited for their vulnerabilities. These attacks can be difficult to detect and mitigate, as they often exploit vulnerabilities in third-party software or hardware.“  

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Just Drinks.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

As the beverage industry evolves into intelligent networks of Industry 4.0, replete with advanced analytics, artificial intelligence (AI) and industrial internet of things (IIoT) optimisation for smart manufacturing, new cybersecurity risks also arise.

Smart manufacturing on rise in drinks industry

“We are seeing a wide variety of ‘smart’ use cases in the beverage industry that are underpinned by large data sets,” says D’Souza.    

“AI and machine learning are accelerating market analysis of consumer preference data and that has made the industry more responsive to shifting consumer trends. Smart production facilities and optimised distribution networks are critical aspects of this more agile product-to-consumer ecosystem.”

These benefits include the reduced costs of implementing predictive maintenance, managing inventory and energy consumption efficiently, customised and flexible production, quality control to check defects or inconsistencies and bringing visibility to the supply chain through farm-to-fork tracking. 

Heineken, for example, has retrofitted breweries with digital capabilities and connected them to a single IoT platform called the connected brewery ecosystem. The system includes real-time data integration, predictive analytics, and even a digital twin to optimise energy usage. 

PepsiCo has automated manufacturing systems in ‘intelligent’ warehouses that use robots, sensors, and IoT technologies for optimised production.

Why are smart manufacturing systems more exposed?

However, these benefits bring amplified cybersecurity risks with them. Previously, information technology (IT) and OT systems were separated physically, making OT systems less susceptible to cyberattack.  

“Connecting OT to the internet and IT networks enables data sharing and efficiency but also exposes these systems to potential exploits,” says D’Souza. “Not only are all components of the factory floor connected to each other, increasing the risk of a cascading failure in the event of an attack but they are also connected to the internet, which exposes the system to a global interface of cyber risk.   

This is a view to which Michael Metzler, vice president of horizontal management cybersecurity for digital industries at Siemens, also subscribes.  

“Industrial control systems and Supervisory Control and Data Acquisition systems are integral to automated manufacturing processes and are also potentially vulnerable to cyberattacks,” Metzler tells Just Drinks.

Thomas Richards, principal consultant at application security testing software provider Synopsys Software Integrity Group, adds: “Attackers are focusing more on less mature industries and without proper network segmentation, authorisation, and access controls, the smart manufacturing network is at risk for ransomware or other cyberattacks.”   

According to a report by GlobalData – Just Drinks’ parent – into cybersecurity in the consumer goods sector, components of manufacturing systems can also vary in vendor, model and age, making it challenging to standardise cybersecurity software across the factory floor. 

Rory Gopsill, a senior consumer analyst at GlobalData, explains: “One of the problems international companies are facing is that they have lots of production facilities around the world, all of which contain lots of different machines and systems that often differ in vendor and installation date. This means it can be very difficult for these big companies to maintain visibility over their machines and systems (i.e. the attack surface for threat actors) and to coordinate security practices in any simple way.“ 

Smart manufacturing is also dependent on big data.  “Additionally, there will be data dependency as meaningful insights from massive data sets are generated by large numbers of connected sensors and if this data is compromised or manipulated, it could lead to inaccurate insights, poor decision-making, and operational disruptions,” D’Souza says.

Moreover, the increased reliance on third-party software, cloud services, and interconnected systems increases the risk of both physical and software supply chain attacks. 

“A breach in a supplier’s system could compromise the entire manufacturing process and dependent software supply chain,” D’Souza adds.

Finally, he notes, the use of remote access for monitoring and control can expose the system to increased risk of unauthorised access and potential sabotage if the security protocols are inadequate: “Compromised IoT devices can grant attackers access to the broader network, disrupt operations, and exfiltrate sensitive data.”

These risks can have a significant impact on operations in the drinks industry, leading to halted or slowed production lines, product quality degradation – including manipulation of recipe formulations or contamination – financial losses, delays and disruptions in the supply chain, breached contracts, litigation risk and safety hazards to works and consumers.

How can smart manufacturing systems be secured?

“One major threat is ransomware attacks, which can encrypt critical data and systems, bringing production lines to a standstill,” says Metzler. “Recovery from such attacks often incurs substantial costs, both from potential ransom payments and the effort to restore systems from backups.”  

Attacks can also include phishing, malware, and supply chain threats. In the future, D’Souza predicts that there will be increased sophistication and frequency of attacks, the rise of AI-powered attacks, further expansion of the attack surface and more supply chain attacks.

“Manufacturing networks have historically been difficult to secure due to the sensitivity of the equipment when conducting security assessments,” says Richards. “Proper design, threat modelling, and testing practices need to be done before the networks are operational to identify potential risks and mitigate them.”  

Drinks companies are implementing proprietary solutions or turning to a range of cybersecurity providers, such as Armis Security, Claroty, Dragos, Nozomi Networks, Sangfor Technologies, PDI Software, Nagios, Rhebo and Trap X to secure their IT and OT environments.  

Coca Cola partnered with Sangfor technologies to use its endpoint security solution to secure its China operations from the ‘Driving Life’ virus, a threat known for evading traditional detection systems.  

Metzler says that Siemens recommends implementing its “multi-layered defence-in-depth concept” – extended by zero-trust principles.   

He explains: “This concept complies with the recommendations of IEC 62443, the leading standard for security in industrial automation. It comprises three pillars: Plant Security, Network Security and System Integrity. With this, all key factors are taken into account, including physical access protection and organizational measures such as guidelines and processes as well as technical measures to protect networks and automation systems against unauthorized access, espionage and manipulation.”  

D’Souza, recommends establishing a robust patch management process to ensure timely application of patches across all systems and softwares, implementing more advanced detection and response capabilities, and creating incident response and business continuity plans.   

A range of software tools are available – such as asset identification and threat detection software, remote maintenance platforms, and network management systems with integrated security features.   

Both D’Souza and Metzler emphasise the importance of investing in cybersecurity professionals who can address both IT and OT systems.   

D’Souza says: “There’s a shortage of cybersecurity professionals with expertise in both IT and OT security, making it challenging to implement and manage effective security programs.  Partnering with a hyperscaler is frequently a big value add for manufacturers in this space. Many manufacturing facilities still rely on legacy systems that may not be compatible with modern security solutions, creating potential vulnerabilities.”  

He adds that cloud computing can significantly aid companies in addressing cybersecurity risks, with some advantages over traditional on-premise solutions – such as robust data encryption, scalability, disaster recovery, secure remote access, data analytics and collaboration.   

As the cybersecurity risk landscape expands rapidly, drinks companies must secure their smart manufacturing systems to prevent the disastrous consequences of a cyberattack.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up