This week, Dole Food Company revealed that hackers behind a February ransomware attack have accessed the data of an undisclosed number of employees.
“In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information,” said Dole in a filing to the U.S. Securities and Exchange Commission (SEC) on Wednesday.
“Upon detecting the attack, we promptly took steps to contain the attack, retained the services of leading third-party cybersecurity experts and notified law enforcement.”
Jamie Akhtar, CEO & Co-Founder of CyberSmart, commented, “This story is a great illustration of the disruption a sophisticated ransomware attack can cause, particularly in a business with a lot of employees and sophisticated processes. It appears that the sheer number of staff Dole employs allowed the ransomware to spread like wildfire. However, it should also be said that Dole has handled the situation well. Despite some disruption, having a clear plan in place both for backup operations and notifying the relevant parties has allowed the company to minimise the damage.”
Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Centre, added, “In 2011, Marc Andreessen famously proclaimed, ‘Software is eating the world,’ but a decade earlier Watts Humphrey beat him to the punch by saying, ‘Every business is a software business.’
“Software is the critical infrastructure of our time. Cyberattacks on food giant Dole are the latest illustration that software is the soft underbelly for our society. Cyberattacks on food, healthcare, energy, and every other critical infrastructure sector are a reminder that software risk is business risk. Organisations assess and manage risk from natural disasters, geopolitical turmoil, economic vicissitudes, and other types of hazards; savvy organisations recognize the risk posed by the software they use and take steps to minimise that risk.
“A holistic approach to security allows organisations to spend resources most effectively to reduce risk. This means ensuring that the processes for evaluating, procuring, configuring, operating, and maintaining software include security at every phase.
“Recognising that we cannot talk about software without also talking about security and risk is a vital first step toward building a better future.”