“Do you guys have free Wi-Fi?” Walk into a café, and this innocent question is typically met with a kind gesture by the service staff pointing to the Wi-Fi details.
It might not seem instinctive to think of food and beverage (F&B) businesses as cyberattack targets. However, given the widespread accessibility of their networks and the amount of confidential data they collect from memberships and online orders, these businesses are becoming more vulnerable and susceptible to these attacks.
Cyberattacks not only destroy a company’s reputation and credibility but also affect its profitability models. F&B business leaders need to understand the weight of cybercrimes and fortify their cybersecurity measures – seeing that these attacks have significant implications.
Rise of digitalisation in F&B establishments
In recent years, many businesses in the industry have moved to the cloud and tapped into e-commerce to cater to changing consumer behaviour. Recognising the importance of this transformation, the Information Media Development Authority (IMDA) of Singapore launched a refreshed Food Service Industry Digital Plan in 2021 to promote the adoption of more advanced technology solutions among F&B businesses. These solutions aim to address labour shortage challenges and increase operational efficiency through digital, interconnected services.
The increased connectivity of networks and devices is an evolution that is welcomed. However, this has brought about greater attack surfaces as there are more data collection and sharing points within the F&B establishment: Point-of-sales (POS) systems, Internet of Things devices, and Wi-FI landing pages to name a few. It is then vital for businesses to deploy proper cybersecurity measures to protect valuable data and customer information.
See also: Alibaba anoints new chief in revamp of stalling commerce arm
F&B establishments face heightened exposure to cyberattacks
Last September, data from over 330,000 Starbucks Singapore customers were sold online for $3,500. While the breach did not include valuable credit card information, the number of individual customers affected does reveal that simple entry points – landing pages for loyalty-points programmes, login pages for complimentary Wi-Fi, and staff-specific Wi-Fi routers are not immune.
Cyberattacks target valuable data, resulting in extended recovery periods and losses for businesses. In the event of a botnet malware or ransomware attack, businesses may need to rebuild their IT systems and pay fines for compliance breaches. With much at stake, how then can F&B businesses overcome these cyber risks?
See also: Break up Google? What’s at stake in antitrust action
Fortifying F&B businesses
The challenge is not a doom-and-gloom scenario. F&B establishments should strengthen the digital aspects of their operations, especially since cyberattacks are now designed to remain dormant and gradually infect more systems over time. Cybercriminals often use the Domain Name System (DNS) as a preferred method to introduce malware into systems.
POS systems can be a focal target in this scenario. Malicious software often infiltrates POS machines by exploiting DNS gateways, enabling cybercriminals to collect and steal valuable information. For instance, credit card data that is temporarily stored in the machine's memory (RAM) during processing can be compromised.
However, there is a solution to mitigate this challenge: DNS Firewalls. These specialised firewalls are designed to counter malware attacks and provide an effective defence against DNS-based threats. F&B businesses can establish clear boundaries and create protective measures for systems, wireless devices, and mobile devices that interact with customer data during transactions by incorporating this tool into their security infrastructure.
F&B businesses can grow receptivity to technology beyond improving efficiency and profitability. Cybersecurity may not come naturally as a priority for many in this sector, yet it is becoming increasingly important to everyday consumers. Hence, having dedicated IT professionals are no longer a luxury, but a necessity for F&B businesses.
IMDA and other public agencies have made resources available to equip F&B businesses with the cybersecurity skills needed. Businesses can use assessments to ensure their cybersecurity measures align with regulatory requirements. Private companies are also bolstering this digitalisation journey by providing catered cybersecurity services – taking into account how mid-market companies require cost-effective solutions as they seek accelerated growth.
The reality is that more elements of F&B businesses are being mediated through potentially vulnerable platforms such as cashless, contactless payments and cloud-connected servers. Without proper cyber defences, F&B companies are sitting ducks waiting for cybercriminals to walk in, order a cup of coffee and ask the innocent question, "do you guys have free Wi-Fi?"
Paul Wilcox is the vice president of Asia Pacific and Japan for Infoblox.
