Coca-Cola confirmed that a ransomware attack on Fairlife, its protein-milk subsidiary, has halted US dairy production. This isn't a leaked-credentials-and-apology-email story -- the attack reached far enough into operational systems that physical manufacturing stopped. Coca-Cola is a company with essentially unlimited security budget and mature IT governance, and the incident still took a production line offline.
This is the pattern industrial ransomware has settled into over the past few years: attackers increasingly aim past the corporate network and into the OT/ICS layer that actually runs plants, because that's where the leverage is. A shut-down assembly line costs more per hour than a locked file server, and executives under production-loss pressure pay faster than executives under mere data-exposure pressure. Food and beverage manufacturing has become a favored target precisely because it combines just-in-time supply chains, thin margins, and legacy control systems that were never designed with segmentation from corporate IT in mind -- the same weakness that's hit meat processors, breweries, and now a dairy plant. The lesson institutions keep failing to absorb is that brand-name parent companies inherit the security posture of every subsidiary they acquire, and M&A due diligence rarely audits ICS network segmentation the way it audits financials.
The SAL read: if your production floor and your corporate network share a flat topology, you're not one breach away from a data leak -- you're one phishing email away from an idle factory.