When hackers recently hit Coinbase and demanded $20 million in Bitcoin – threatening to leak customer data if the ransom wasn’t paid – it sounded like a storyline ripped from a cybersecurity thriller. But what happened next is even more dramatic: Coinbase CEO Brian Armstrong flat-out refused to pay and instead offered a $20 million bounty to catch the culprits.
It’s bold. It’s high stakes. And according to Dean Gefen, CEO of cybersecurity workforce development firm NukuDo, it’s also a wake-up call for everyone – especially industries that don’t usually make tech headlines. Yes, that includes players in the food industry, no matter how big or small.
“The Coinbase incident should serve as a wake-up call that no company, regardless of their size, sector, or cybersecurity maturity, is immune from targeted attacks,” Gefen told this site. “For bakery and snack manufacturers, the key takeaway is this: cybercriminals aren’t just going after tech firms. They’re targeting operational vulnerabilities wherever they exist.”
Inside the Coinbase cyberattack
Earlier this month, cryptocurrency giant Coinbase confirmed it had suffered a major cyberattack affecting more than 69,000 customers. The breach was orchestrated through a bribery scheme involving overseas customer support contractors, allowing attackers access to sensitive personal data, including names, addresses, phone numbers, masked Social Security numbers, account balances, transaction histories and images of government-issued IDs.
The hackers demanded $20 million in Bitcoin as ransom. Coinbase refused to pay and instead offered a $20 million reward for information leading to the identification and prosecution of those responsible. The US Department of Justice has since launched a criminal investigation into the incident.
The company estimates the cost of remediation and reimbursements could run between $180 million and $400 million. In response, Coinbase has terminated the compromised contractors, strengthened its fraud detection systems and announced plans to move its support operations to a new US-based hub to bolster security.
No one is off the radar
There’s a dangerous myth that smaller companies or those in non-digital sectors are safe. But Gefen says hackers are casting wide nets and targeting industries where disruption hurts most.
“Even if your digital infrastructure is less complex, that doesn’t mean it’s less valuable to an attacker. In fact, it’s often the opposite,” he explained. “Less complexity can mean easier access.”
It’s not about whether you’re a household tech name. It’s about whether you’re vulnerable and whether taking you offline will cost you enough to make ransom payment seem like the only way out.
“Ransomware groups are hitting bakery and snack companies because it works. These businesses operate on tight margins, with perishable goods and supply chains that can’t afford to stop. That kind of pressure makes them more likely to pay up.”
Unlike banks or hospitals that have strict regulations and well-staffed IT departments, bakeries don’t always have robust cybersecurity defences. And attackers know it. “The sector is digitising fast, but security hasn’t always kept pace. That lag is exactly what ransomware groups are counting on. Investing in talent – the right talent – is one of the most overlooked but powerful ways to close that gap.”
“The question isn’t if you’ll be targeted. It’s whether you’ll be ready when it happens.”
Dean Gefen
Gefen also warned that some companies are lulled into a false sense of security because they’ve never been attacked – yet. “Just because it hasn’t happened to you doesn’t mean you’re secure,” he said. “That kind of thinking is exactly what lets attackers slip through unnoticed. Complacency is the soft underbelly of cyber defence.”
When old systems create new threats
Many food companies still rely on legacy systems that haven’t been meaningfully updated in years. Combined with overstretched teams, it’s a sweet spot for cybercriminals.
“Ageing systems are inherently more vulnerable. They often lack support, patches, and compatibility with modern security tools. Add in a stretched-thin team and you have a recipe for risk.”
But companies don’t need to break the bank to make a difference. “Start with the basics: enforce multi-factor authentication, have a real backup and recovery plan - test it and run phishing simulations with your staff,” he advised. “Cybersecurity isn’t about perfection. It’s about closing the easy doors attackers walk through.”
Gefen also emphasised the importance of testing your worst-day scenarios in advance. “Pick your most critical system and ask: what would we do if it were encrypted tomorrow? Then walk through it. Practice beats panic.”
Even the most secure companies rehearse breaches - they simulate attacks so they can respond calmly and effectively when something real happens. Why should food manufacturers be any different?”
Cybersecurity shouldn’t slow you down
It’s tempting to think of cybersecurity as something that gets in the way of innovation but Gefen says it’s actually the opposite.
“You can’t grow sustainably without securing your foundation,” he said. “Cybersecurity should be an enabler, not a roadblock. It’s what keeps your systems reliable, your data protected, and your operations uninterrupted.”
The key, he added, is weaving cybersecurity into everyday decisionmaking. “From choosing secure platforms to making sure your team knows how to use them safely - that’s where resilience is built. Bake security into every stage of the journey.
“It’s about building trust across your supply chain, too,” he added. “When customers and partners know you take security seriously, it becomes a competitive advantage, not just a compliance checkbox.”
People over products
Coinbase’s dramatic refusal to pay ransom made headlines, but that kind of stance isn’t always realistic in food manufacturing, where time is of the essence and delays mean spoilage, not just lost data.
“When you’ve got trucks waiting, shelves to stock and product at risk of going bad, the pressure to pay a ransom can be enormous,” Gefen admitted. “But paying doesn’t guarantee recovery and it makes you a target for the next round.”
His advice? Don’t wait to figure out your response during a crisis. “The best strategy is not deciding whether to pay. It’s building systems that prevent you from having to make that decision in the first place.”
While many businesses rush to install the latest firewalls or antivirus software, he contends the real strength lies in human capability.
“Investing in cybersecurity isn’t just about buying tools, it’s about building teams,” he said. “You don’t necessarily need a massive internal security department, but you do need people who can assess risks, build smart defences and act fast.”
That means thinking beyond traditional hiring models. “Look for people who understand how your digital systems interact with your production lines and supply chains. That’s where the vulnerabilities often live.”
He added that forward-thinking companies are building pipelines with specialised training for operational tech environments. “We’re seeing success with programmes that focus on real-world threats in the food and manufacturing sectors,” he said. “If you want resilience, you need people who know how to secure the floor, not just the cloud.”
3 things to do right now
Gefen lays out a no-nonsense, three-step checklist:
• Back up your data. “Do it regularly, store it offsite and make sure it actually works when you need it.”
• Train your people. “Teach everyone - from the C-suite to the plant floor - how to spot phishing emails, use strong passwords and report suspicious behaviour.”
• Run a tabletop exercise. “Pick your most critical system and ask: what would we do if it were encrypted tomorrow? Then walk through it. Practice beats panic.”
Don’t assume you’re safe
Gefen offers a final word of caution: just because your company isn’t Coinbase doesn’t mean you’re safe from cybercrime.
“The question isn’t if you’ll be targeted. It’s whether you’ll be ready when it happens.”
Food manufacturers may not be in the tech spotlight, but they are very much on the radar for ransomware groups. The clock is ticking and attackers aren’t waiting.