Lion announced last week that it was back online after a major cyber attack, highlighting the potential dangers inherent in becoming a more technologically-integrated industry.

The cyber attack on Lion forced brewery production as well as ancillary activities to shut down for nearly three weeks. While Lion may have the resources to stay afloat during this time, smaller brewers, especially those already stretched by COVID restrictions, may struggle.

With automation in brewhouses increasing, as well as general reliance on interconnectivity to run a business, brewers need to be more aware of the dangers of cyber attacks.

Phil Kernick, chief security officer at Melbourne-based cyber security firm CyberCX said that the fact that Lion is a brewer did not make it any more likely to be attacked, as ransomware of this type is committed by criminal groups and targets can range from travel companies to law firms and governments

“It looks like Lion has responded well to the attack and quickly had its systems back up and running,” he said.

Leo Cole at Futurism Technologies, a global IT solutions firm with a Sydney office, agreed.

“From what I have seen reported, Lion’s response has been commendable,” Cole said.

“They engaged a top tier cyber forensic team and they have been transparent in their frequent communication to the public on the issue.”

Despite this, it is a huge disruption and there are still complex issues which Lion is attempting to resolve, including whether any corporate data was stolen.

“To date, we still do not have evidence of any data being removed,” the brewer said in a statement.

“As we indicated last week, it remains a real possibility that data held on our systems may be disclosed in the future. Unfortunately, this is consistent with these types of ransomware attacks.”

It is not just immediate operational disruption then but long-term effects of a cyber attack which can affect a brand’s operations and reputation, so it’s become more important than ever to stay educated and if possible invest in cyber protection.

Cyber security for breweries

As a manufacturing business, breweries are at risk on multiple levels.

“The impact to manufacturing businesses like brewers can be significantly higher as ransomware can accidentally or intentionally disrupt process controls, which is much harder to recover from than just doing a backup of the IT systems,” explained Phil Kernick of CyberCX.

Not only are breweries automated to varying degrees and reliant on interconnected systems to operate, like other businesses they also have data that is valuable to hackers.

“Data such as customer and supplier account details, intellectual property such as new product designs, or a new beer recipe, and manufacturers have connections to other companies through the supply chain which could allow hackers to get at data from multiple companies,” explained Futurism’s Leo Cole.

If a company appears to be under attack, engaging cyber forensic experts is the logical first step.

“Experts need to determine the root cause, the extent of the breach, if there are any remnants of the breach that are still active, and what it will take to recover,” Cole said.

“The experts can determine if the breach was wide-spread or if it was isolated to one part of the company allowing some operations to open more quickly.”

Prevention is better than the cure

But bringing in forensic specialists can be an expensive process and prevention is often better than the cure, although as with all things, it’s never a guarantee that a business will not be targeted.

The industry experts said employing good security practices such as multi-factor authentication, daily backups, as well as improving logging, monitoring and detection processes is key.

“Every company needs to take cyber security seriously,” said Cole.

“All size companies from all industries harbour data that has value to hackers and therefore are susceptible to attacks. There are basic steps for cyber security that haven’t changed in decades.”

He said one of these is to keep systems updated with the latest security patches, and the second is to educate employees on items such as password strength and how to recognize phishing attacks.

“In addition, we have seen that cyber attacks have risen significantly using websites and portals, mobile endpoint devices, and mobile applications as entry points,” Cole explained.

“When engaging a vendor to develop a website or mobile application, don’t make your vendor choice based solely on price but make sure they prove to you they know how to develop secure applications. It takes more than anti-virus and network firewalls to secure those entry points.

“The lack of diligence around asset management is creating new threat surfaces as organisations often don’t know the current health, configurations, or locations of their systems and devices.”

Cyber security technology such as unified endpoint management exists to help track, manage and secure endpoint assets,” he said.

“The challenge is that smaller businesses lack the skills and resources to adequately deploy cyber security technology.

“I recommend that smaller and mid-size businesses look at managed security service providers (MSSPs) to manage cyber security for them.”

The ATO has put together a practical list of preventative measures for businesses to undertake.