‘It’s not a matter of if but when’ your company will become the target of a ransomware or other cyberattack, experts warn
In 2021, several high-profile agrifood companies and ag cooperatives were successfully targeted by cybercriminals who launched ransomware attacks, locking up the company’s computers and effectively suspending operations until their demands were met.
Recently, agribusiness stakeholders took on the topic during the panel discussion, “Cybersecurity and Ag,” at the 50th National Grain & Feed Association (NGFA) Country Elevator Conference (CEC).
“This is a topic people don’t want to talk about. They think this is never going to happen to them,” said Lee Gleason, vice president of sales at ProValue Insurance, noting that there have been more than 500 million cyberattack attempts this year, which averages to over 500,000 attempts every day.
Cyber thieves attack companies via three main channels — email insecurity, software vulnerability and though remote access, noted Sarah Engstrom, CHS Inc.’s chief information security officer (CISO) and vice president of its information technology (IT) security, productivity and privacy.
The panel urges companies to taking every possible measure to prevent becoming the victim in the first place.
Gleason shared his top 6 basic prevention steps:
- Have an incident response plan in place: After a breach is detected, companies will want to quickly move to action to mitigate damages and begin the recovery process.
- Securely back up your data: Having critical corporate information in a secondary location ensures continuity of business and that all is not lost should your company choose not to pay the ransom.
- Implement multifactor authentication (MFA): Ninety-nine percent of compromise attacks can be blocked by MFA. Meanwhile, 94% of victims will not have MFA in place.
- Patch and update equipment regularly: Software updates on devices are critical for preventing breaches.
- Use endpoint detection and response (EDR) software: This integrated, real-time security solution defends networks against endpoint threats.
- Employee training: Education is key. Ninety percent of cyberattacks are the result of employees mistakenly taking the bait. Some companies contact outside firms to test their cybersecurity, conducting “phishing expeditions” to suss out weaknesses.
Cargill‘s CISO Jim O’Conner acknowledged that not all companies have the resources to hire a full-time IT or cybersecurity staff, but emphasized that’s where being prepared pays off: “The things you do on the front end can be really beneficial when something happens.”
Beyond taking all the necessary steps to prepare for and prevent an attack, the expert panel suggest investing in a cybersecurity insurance to protect your business. However, given the rash of incidents, providers have heightened expectations for their customers.
A cyber event comes with many costs — legal, network damages, business interruption, ransom payments and reputation, Gleason noted.
“This is the biggest threat America’s farmers, ranchers and agricultural businesses have faced in three decades,” said Victoria Myers, senior editor of Progressive Farmer and the panel’s moderator. “We cannot overemphasize how critical this is — and not only for the farms and ranches across the country — but I don’t think I’m overreaching when I say to you that this is a major national security issue.”
Cybersecurity & Infrastructure Security Agency (CISA): https://bit.ly/33wZCUc
NGFA Cybersecurity: https://bit.ly/3F0iPvf