What Can the UNFI Cyberattack Teach Us About Supply Chain Security?

On June 5th, 2025, a significant cyberattack struck United Natural Foods (UNFI), a major food supply chain distributor. This incident effectively took UNFI offline, severely disrupting service for countless customers, including Whole Foods. This high-profile event highlights the escalating cybersecurity risks faced by the entire food industry supply chain.

UNFI isn’t alone. Cyberattacks against the food industry are on the rise. Sam’s Club in the US was targeted in March of this year, and in 2021, JBS Foods, recognized as one of the world’s largest beef producers, paid more than $10 million in ransom to restore access to its systems after being targeted by the REvil ransomware gang.

What do these attackers have against the food industry? It’s not that deep. On the one hand, cybercriminals are opportunists, so any target will do. On the other hand, food & beverage companies are connected to sprawling networks of suppliers, customers, vendors, and more, making them an irresistible target for a supply chain attack. 

What is a Supply Chain Attack? 

Instead of directly targeting a well-protected organization with strong security, a supply chain attack seeks out the weakest link: a trusted third-party vendor or service provider. These attacks exploit the inherent trust relationships within an organization's extended network. 

As we saw in the UNFI cyberattack, exploiting vulnerabilities in a partner's access can open the door. This means that even large organizations with sophisticated enterprise security can be infiltrated by attackers who gain access through a trusted, but more vulnerable, partner.

How Can Food & Beverage Suppliers Reduce Cybersecurity Risk? 

  • Strong Identity Governance: Routinely conduct identity governance reviews to proactively identify and eliminate security vulnerabilities like unused or inactive accounts. This will give you the insights you need to adjust access rights based on current job roles and to enforce the principle of least privilege.
  • Intelligent Third-Party Risk Management: Thoroughly assess the cybersecurity posture of all third-party vendors with any access to your network or data. It sounds obvious, but many organizations don’t have a process for vetting vendors to ensure their identity security practices align with best practices.
  • Centralized Monitoring of User Behavior – Human and Machine: Implement tools and processes to enable continuous monitoring of identity-related events. Centralized identity security is essential for identifying indicators of compromise such as unexpected login attempts, unauthorized changes to user permissions, attempts to access sensitive data, or unusual geographic login patterns.
  • Multi-Factor Authentication for Every User: Deploy multi-factor authentication (MFA) across all user accounts, focusing on secure user access for cloud services, and adding additional protections for accounts with elevated privileges.
  • Robust Privileged Access Management (PAM): Highly privileged accounts need a robust privileged access management strategy that ensures just-in-time access, granting elevated permissions only when essential, and that continuously monitors all privileged accounts for any suspicious behavior.
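
The identity governance, MFA, and PAM checks in the list above can be run as a periodic review over an account inventory. The following is an added example, not code from the original article or from any vendor product; the `Account` fields, the 90-day dormancy threshold, the 8-hour elevation window, the MFA exemption for service accounts, and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values for illustration; take the real ones from your own policy.
DORMANT_AFTER = timedelta(days=90)   # no login for this long => dormant
MAX_ELEVATION = timedelta(hours=8)   # longest acceptable just-in-time grant

@dataclass
class Account:
    name: str
    kind: str                        # "employee", "vendor" or "service"
    last_login: Optional[datetime]   # None = never logged in
    mfa_enrolled: bool
    privileged: bool
    elevation_expires: Optional[datetime] = None  # None = standing privilege

def review(accounts, now):
    """Return {account name: [findings]} for accounts that need action."""
    findings = {}
    for a in accounts:
        issues = []
        if a.last_login is None or now - a.last_login > DORMANT_AFTER:
            issues.append("dormant: disable or remove")
        # Assumption: machine identities cannot enrol in interactive MFA.
        if a.kind != "service" and not a.mfa_enrolled:
            issues.append("no MFA enrolled")
        if a.privileged:
            if a.elevation_expires is None:
                issues.append("standing privilege: move to just-in-time")
            elif a.elevation_expires - now > MAX_ELEVATION:
                issues.append("elevation window too long")
        if issues:
            findings[a.name] = issues
    return findings

# Constructed sample inventory (not real accounts).
NOW = datetime(2025, 1, 15, 12, 0)
SAMPLE = [
    Account("j.doe", "employee", NOW - timedelta(days=2), True, False),
    Account("vendor-edi", "vendor", NOW - timedelta(days=200), False, False),
    Account("ops-admin", "employee", NOW - timedelta(days=1), True, True),
    Account("dba-temp", "employee", NOW - timedelta(hours=3), True, True,
            NOW + timedelta(hours=2)),
    Account("svc-backup", "service", None, False, True, NOW + timedelta(days=30)),
]

if __name__ == "__main__":
    for name, issues in review(SAMPLE, NOW).items():
        print(f"{name}: {'; '.join(issues)}")
```
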

How does IAM Protect Organizations from Supply Chain Risk? 

Automation: IAM solutions enable organizations to automate crucial user lifecycle management processes, ensuring that joiner, mover, and leaver protocols are executed more quickly and accurately.

Authentication: Usernames and passwords just aren’t enough. Robust IAM secures external access through Multi-Factor Authentication, adding an additional layer of protection to thwart would-be hackers from infiltrating your organization from afar.

Granular Access Controls: Over-privileged accounts are a huge vulnerability and an irresistible target for cybercriminals. IAM empowers organizations to create and enforce granular access controls to limit access to only what is needed. 

Threat Monitoring: Most organizations don’t have 24/7 security, leaving you vulnerable outside of business hours. Best-of-breed IAM solutions help you close the gap with continuous threat monitoring that proactively detects anomalous user behavior. 

Zero Trust: Identity security solutions are essential for enforcing principles of least privilege, the gold standard for strong identity management. Under Zero Trust, no user is implicitly trusted, and access requires continuous authentication and authorization.

Building a Resilient Food Supply Chain with Identity Security

The attacks on UNFI, JBS Foods, and Sam's Club are merely symptoms of a larger trend and a clear indication of an evolving cyberthreat landscape that targets critical supply chains. The food industry, with complex networks of suppliers, distributors, vendors, and consumers, has an ever-expanding attack surface that is irresistible to cybercriminals. 

By rigorously adopting principles like least privilege, implementing robust authentication (including MFA), maintaining continuous monitoring, and enforcing strong identity governance for the food industry, organizations can mount a strong defense against these attacks. These measures are crucial for building the resilience necessary to safeguard business continuity and consumer trust. 

Copyright © 2024 KeyData Cyber.
All Rights Reserved.