A shortage of qualified cybersecurity professionals threatens agriculture companies, expert warns
Looking for a professional to help identify potential cybersecurity threats? Within the agriculture industry, qualified help could be hard to come by, according to cybersecurity credentialer CREST International.
Agricultural operations such as feed mills are increasingly vulnerable to cybersecurity attacks, according to Tom Brennan, executive director for CREST International’s U.S. operations. Like many industries, agriculture has turned to automated technology to reduce labor costs and cope with recent talent shortages. But many of these automated technologies are connected to the internet, which means that bad actors could hack into a feed mill’s systems and interfere with data or even manufacturing processes.
“Today, software can control things like farming equipment, GPS locations, food production systems and temperature controls — all these things are becoming more and more automated,” Brennan said. “It lowers cost and improves efficiencies. But they’re also open to attack.”
Unfortunately, the risk to agriculture and food production systems has been largely overlooked by the cybersecurity industry, Brennan said. Because of a shortage of talent within the cybersecurity profession, qualified professionals can find work in any number of desirable industries — and will often choose jobs within high-paying sectors like finance, he said.
“In the real world, if we look at what our talent pool looks like, the majority of people move around opportunity,” he said. “And if we look at underserved industries, those are the industries that are ripe for attack by people who want to take advantage” of the talent shortage.
This can create difficulties for smaller agricultural companies that may not need to hire a cybersecurity professional full time. A company such as an independent feed mill might like to hire a professional to check for and mitigate cybersecurity risks, but the talent shortage has allowed bad actors and underqualified individuals to enter the market and pose as legitimate service providers in order to take advantage of small businesses, Brennan warned.
“The analogy we use these days is, if you had a heart condition, are you going to an accredited hospital? Because you’re probably not going to another person’s garage,” he said. “But that’s kind of what we are doing. A lot of industry, especially in the Americas, is working with third parties that may not have all the prerequisite abilities.”
Brennan noted that CREST has recently added several professionals who specialize in agriculture and critical infrastructure to its list of vetted cybersecurity professionals. He said the nonprofit’s online listings can help companies identify appropriate service providers in their area who can help with risk assessment, security control validation and other key services.