Liability Insurance Contributing Columnist

 


BEC Causes
Dairy Products
To Go MIA

Jen Pino-Gallagher
Director of Food & Agribusiness Practice
M3 Insurance
jen.pinogallagher@m3ins.com

March 31, 2023


 

The dairy industry is full of acronyms that are pertinent to the industry, like PMO, FMMO, CWT, PCQI. The FBI is asking that dairy processors add another acronym to their repertoire: BEC.

BEC — business email compromise; that crafty under-handed technique that cyber-criminal gangs use to steal funds or gain access to confidential company information. By creating an email that looks nearly identical to a customer or vendor email, the cyber criminals trick their victims into sending money or divulging confidential company data.

This tactic is now being used against the dairy industry — not to steal data, but to steal product. The result: hundreds of thousands of dollars’ worth of stolen dairy products.

The cybercrime against dairy and food processors has reached such a critical point that the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the USDA released a joint Cybersecurity Advisory (CSA). The advisory warns the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients.

According to the advisory, in April 2022, a US food manufacturer and supplier received a request through their web portal inquiring about pricing for whole milk powder purportedly from another food company. The spoofed food company email used the name of the president and the company’s actual physical address. The ingredient supplier ran a credit check on the company, extended a line of credit, and the first of two shipments — valued at more than $100,000 — was picked up from the supplier.

In February 2022, four different fraudulent companies placed large orders for whole milk powder and nonfat dry milk from a food manufacturer. The orders, valued at almost $600,000, were picked up, and the victim company was unaware something was wrong until they did not receive payment. In all four instances, real employee names and slight variations of the legitimate domain names were used.

So what’s a diary processor to do?

According to Matt Thomson, director of cyber liability at M3 Insurance, some of the easiest-to-implement strategies to defend your operation against a business email compromise include:

• Security Awareness Training – Include these examples in your security awareness training. Security awareness training should be an ongoing and evolving program that should address threats that are relevant to your business. Technical controls can’t stop every activity from cyber criminals, so informed employees can act as a human firewall for your organization.

• Review and Update Business Processes – Understand these scenarios and determine if any business processes need additional verification, and at what level. For instance, you may want to use a phone call to verify any new customer/client before processing their first order to ensure a cybercriminal hasn’t attempted to impersonate the customer. The level at which your business will require this type of verification may differ based on your size.

• Review Your Cyber Insurance Policy - Work with your insurance broker to review and verify that your cyber insurance policy would cover these losses. In general, this would be a social engineering fraud claim.

• Implement Security Controls for Email Systems – Two controls that can greatly help prevent your organization from falling victim to business email compromise are multi-factor authentication (MFA) and advanced email filter, sometimes referred to as a secure email gateway (SEG). MFA adds additional protection for your users who have weak passwords or have had their password compromised. SEGs can identify and stop more advanced spoofing or phishing emails that your employees may be at an increased risk of falling victim to.

By staying diligent, training your employees, and implementing strong security controls, dairy processors can make sure BEC does not become part of your standard acronym dictionary
. JPG


Jen Pino-Gallagher is director of the food and agribusiness practice at M3 Insurance. M3 Insurance offers insight, advice and strategies to help clients manage risk, purchase insurance and provide employee benefits. The views expressed above do not necessarily reflect those of Cheese Reporter. You can contact the columnist by calling (800) 272-2443, or by visiting www.m3ins.com.

 

Jen Pino-Gallagher

Jen Pino-Gallagher is a Director of Food & Agribusiness Practice at M3 Insurance. M3 Insurance offers insight, advice and strategies to help clients manage risk, purchase insurance and provide employee benefits.
For more information, call (800) 272-2443 ,jen.pinogallagher@m3ins.com visit www.m3ins.com.


Recent M3 Insurance Columns

Unique Case Creates Uncertainty for Dairy Processors
March 24, 2023

Safety Never Takes A Vacation
September 9, 2022

Cheese With a Sprinkle of Construction Dust?
August 12, 2022

The Do's and Don'ts of Dairy Industry Cybersecurity
October 29, 2021

Addressing the Talent Shortage: Using Social Determinants of Health to Attract Workers
September 17, 2021

Open Ports are Good for Trade - Not for Cybersecurity
July 9, 2021

Three Questions To Ask When Times Get Tough
January 22, 2021

Ready, Set...Go?...Back to the Office
July 10, 2020

As Food Safety Changes Course, Need For A Strong Workforce Is Constant
March 27, 2020

The Bakery Methods of Accounts Receivable: To Collect...Take A Number
January 24, 2020

Minding Your P's & Q's With Your D's & O's
October 11, 2019

Recovering From An Insurance Non-Renewal
March 1, 2019

Food Safety: Whose Job Is It? 5 Ways Human Resources Influences Food Safety
October 5, 2018

Well, That's Cheesey! how Cheese Names Have Gone From Quaint to Contentious
April 13, 2018

Three Steps to Managing The Risks In Dairy Plant Expansions
by Jen Pino-Gallagher
March 2, 2018

When Acquiring A Company, No One Likes To Hear "Surprise"
by Jen Pino-Gallagher
January 19, 2018

When Sales Go Global: Minimizing Complexity-Maximizing Control
by Jen Pino-Gallagher
August 11, 2017

A Tool For Improving Your
Insurance Coverage
by Jen Pino-Gallagher
July 8, 2017

Food Grade Product Liability Insurance for Your Food-Grade Products
by Jim Brunker

June 9, 2017

 


What do you think about 
Jen Pino-Gallagher's Comments?*



Please tell us if you are a
Dairy product manufacturer 
Dairy marketer /importer/exporter
Milk producer
Supplier to manufacturer
s