Farmers, cattlers, and other firms that are part of the agricultural industry (Ag) are increasingly the focus of cyber attacks. Cybercriminals are targeting these firms in part because of the large quantities and varied types of data that can be stolen or compromised for financial gain. “The UK government and the FBI have warned that the threat of cyber-attacks is growing,” the BBC reports, with one Ag company paying $11 million to criminals as part of a ransomware scheme in 2021.

 

As agriculture companies increasingly adopt smart and connected technologies, they become even more vulnerable. Technologies and data practices associated with smart farming, sensors & control systems, internet of things (IoT) and analytics, and both drones and robots create new threat vectors criminals can exploit. Attacks can result in the theft or compromising of data, finances, tools, and employee information.

 

Now, “an overwhelming number of agriculture companies have already been targets of cybercrime,” as AEI describes. But while cybersecurity in agriculture is a challenging problem, there are steps agriculture firms can take to reduce their exposure, limit the damage of an existing attack, and position their employees as the first line of defense. In this article, we explore the rising trend in agricultural cyberattacks and discuss methods for protecting these firms.

 

The Evolution of Cyber Attacks in Agriculture

 

While agriculture has traditionally been a relatively low-tech industry, the adoption of smart and connected technologies like sensors and analytics, IoT devices, robotics, drones, and precision agriculture has changed this landscape. These tools collect vast amounts of sensitive data that can be valuable to criminals for financial gain or espionage.

 

As agriculture companies become more digitized, they are faced with the challenge of protecting their data and systems from cyber threats. Cybercriminals may launch attacks via malvertising campaigns, phishing emails, ransomware, botnets, and other tactics that exploit vulnerabilities in both people and technology.

 

These risks are carrying over into the physical world as agriculture firms’ use of intelligent machines increases. “As more machinery offers online capabilities such as mapping and automated steering, any equipment from tractors and combines to trailers hauling expensive fertilizers and chemicals could be targeted by attackers,” says George Grispos, Ph.D., assistant professor of cybersecurity at the University of Nebraska Omaha. A worst-case scenario could be “a malicious actor taking full control of large machinery, particularly if it’s carrying dangerous chemicals, in a highly populated area or along a busy road.”

 

Smartphone Adoption Among Ag Organizations

 

But sophisticated robotics and intelligent machinery are only one dimension of a growing problem. Farmers, who have a smartphone adoption rate of 90% according to AEI, are increasingly using mobile devices for agriculture-specific applications. That includes using smartphone apps for real-time operational metrics and reporting to help improve their operations, productivity, and business results. 

 

Since smartphones are so accessible, agriculture firms both big and small are adding smartphones to their operational networks, with or without cybersecurity best practices in mind. “With so many farming systems relying on GPS mapping, soil sensors, drones, and automated tractors, there is plenty of room for malware to disrupt these key systems through an unvetted app,” says AEI.

 

Local Threats Make a Global Impact

 

Agricultural firms are critical, original sources to countless modern supply chains; consequently, successful attacks on these firms can have far-reaching impacts. “It raised concerns ranging from supply chain problems to commodity trading and stock price impacts,” says Government Technology. Their article goes on to quote a recent FBI report for an example: “An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products… and have cascading effects down to the farm level as animals cannot be processed.”

 

Now, even mainstream hacking groups that typically target the world’s largest firms are shifting their focus to agricultural operations. “Of the 160 hacking groups or gangs [tracked in a recent intelligence report], 13 were identified as targeting the agriculture industry,” AEI reports. Given the potential for financial, environmental, or even national security risks associated with successful attacks on agriculture firms, it is clear that cybersecurity must be a mission-critical priority for agriculture companies moving forward.

 

Six Modern Ag Cyber Threats

 

The cyber threats Ag companies face are familiar terms that nonetheless have unique implications for these companies. Here is a closer look at six common threats and their risk potential for agriculture firms:

 

          •Malvertising: Malvertising, or malicious advertising, refers to the use of online ads to spread malware
           and other cyber threats. It targets users’ devices through complex software frameworks in order to
           gain entry into the systems they are connected with. Agriculture firms with multiple employees on
           mobile devices are particularly at risk, as malvertising instances need only compromise a single person’s
           device.

           •Phishing emails: Phishing emails are another common threat used by hackers to infiltrate agriculture
           firms. Government Technology cites an example where a cyber criminal imitated a vendor payment,
           sending an email that instead would funnel funds to the criminal’s bank.

           •Ransomware: One of the most dangerous forms of malware, ransomware is a type of malicious
           software that encrypts data on an affected device; the criminal firm then demands money from
           the user in exchange for access to their own files. The time-sensitive nature of Ag operations makes
           these firms particularly vulnerable as they cannot afford to “wait out” these types fo attacks.

           •Botnets: A botnet refers to a group of linked devices that can be controlled remotely. These attacks are
           particularly dangerous for firms with connected drones or robotics—botnets are frequently used to harm
           or destroy agriculture equipment and semi-autonomous farming operations.

           •Stolen credentials: Criminals may capture employees’ login information or perform “account
           takeovers,” providing them with access to critical systems, data, or controls.

           •IoT breaches: As agriculture firms increasingly rely on IoT devices and other smart technologies, they
           may become the target of a brute force attack. These attacks attempt to break into a network by attempting
           many different password combinations, eventually gaining access to the system if they are successful.

 

Defining New Ag Cybersecurity Priorities

 

 

There are solutions for Ag firms looking to upscale their cybersecurity capabilities and improve their cybersecurity posture. A recent presentation by Dr. Taylor Reynolds at MIT’s Internet Policy Research Initiative highlights three priorities Ag companies should keep in mind as they take steps toward cybersecurity resilience. We’ve paraphrased those recommendations here.

 

1. Adopt New Means to Keep Attackers Out

 

Methods like two-factor authentication (2FA) and simply encouraging good practices when maintaining passwords are cost-effective ways that agriculture firms can further protect sensitive data. These methods require additional verification to gain access to critical systems, helping to mitigate the risk of stolen credentials and other attacks. “Employees should be trained so they go from being a company’s weakest link to standing as its first line of defense,” says Government Technology.

 

2. Limit Potential Damages Should a Breach Occur

 

Ag companies can restrict access to critical systems so that only authorized employees can make changes or access sensitive data. This reduces the risk of lost credentials or account takeovers putting those critical systems in danger. Isolating one or more systems to their own networks, such as IoT sensors and controls, can ensure a breach in one network doesn’t put other critical systems at risk as well.

 

3. Build Resilience for Faster Recovery

 

Agriculture firms also can adopt automatic data backups and other recovery protocols to minimize the damage caused by a security breach. Developing substantial disaster recovery (DR) policies and investing in advanced third-party DR capabilities, such as backup as a service (BaaS) and disaster recovery as a service (DRaaS), can help agriculture firms bounce back quickly after an attack.

 

With these best practices in place, agriculture firms can better protect themselves against emerging cyber threats and build resilience in the face of future attacks. “Cybersecurity is a challenging problem, but these simple steps can reduce your exposure significantly,” as Reynolds describes.

 

Embracing “Security By Design”

 

Firms may be wary of new efforts and investments in cybersecurity as they undergo other areas of digital transformation. But in fact, putting cybersecurity first while their transformations are in progress is ideal.

 

“Security by design” is a concept that has emerged in recent years as a promising approach to cybersecurity with this approach in mind. Instead of treating security as an afterthought, agriculture firms can integrate cybersecurity into the design process for new technologies, products, or services. This approach can help agriculture firms detect and respond to cyber threats more quickly and effectively.

 

“Security by design should be incorporated at every level of our connectivity and tech-support systems,” in agriculture, according to AEI. In time, agriculture firms that adopt this approach to cybersecurity may see benefits such as strengthened data protection and reduced risk of breaches.

 

Agricultural Cybersecurity by Uvation

 

The cybersecurity experts at Uvation are dedicated to helping agriculture firms protect their data and systems against emerging threats. As a trusted provider with years of experience in the agriculture industry, Uvation helps firms develop a robust cybersecurity framework and protect their data, finances, tools, and employees from cyber attacks. Contact us directly to learn more about opportunities for your organization.