JBS and Colonial Pipeline hacks highlight how large food and energy companies have become prime targets

A company that slaughters cattle may seem like an unlikely target for a cyberattack. That is, until you realise that taking out just one company could paralyse burger and steak supplies for all Americans.

That’s the lesson from the recent ransomware attack on one of the biggest US beef producers. Namely, that a fervour for mergers and acquisitions has created single points of failure in some critical industries, making them prime targets for hackers who want to threaten huge disruptions to cash in on the biggest payouts possible.

The attack on JBS SA, which started over the Memorial Day weekend, wiped out production at plants that account for almost a quarter of US beef supplies. That came just weeks after a hack on Colonial Pipeline Co managed to take out 45 per cent of the East Coast’s fuel supply, driving up gasoline prices and sparking shortages in some parts of the country.

It’s the natural risk that comes from the cheap food and energy bills that Americans have come to rely on. Fierce competition among companies to contain costs and achieve scale sparked a wave of consolidation that has left the vast majority of production in the hands of a few giant commodity producers that now oversee giant bottlenecks of supply. In turn, these companies have become sitting ducks for hacker groups that know any downtime of critical operations can cost millions and have serious economic impacts, making it all the more likely that companies will meet their demands.

Colonial ended up paying a US$5 million ransom to regain control over its pipeline. JBS declined to comment on whether the Brazilian company paid a ransom, or on the risks of industry concentration.