A New Kind of Pest: Hackers and Cyberattacks
The threat of cyberattacks on agricultural producers is increasing, along with the resulting costs for individual farmers and agri-food businesses.
More than 20 per cent of Canadian businesses were a target of a cyberattack in 2019, Statistics Canada reports. The Canadian Centre for Cyber Security puts the cost of cyberattacks on Canadian businesses in the hundreds of millions each year, although the actual amount is certainly higher as most attacks go unreported.
Cyberattacks range from simple messages aimed at duping the reader to technically complex viruses and programs that can infect a computer.
A common form of cyberattack is phishing, which is the process by which an email that appears to be from a trusted sender attempts to fool the recipient, often by enticing them to click a link which results in the automatic download of harmful software to the recipient’s computer. This software is often a form of “ransomware” which essentially prevents the user from accessing their computer or accounts until a fee is paid.
Another less obvious type of cyberattack occurs when someone inside an organization allows a third-party to access the organization’s data, or simply leaks it. Over the years certain activists have gone to great lengths to gain employment on specific poorly managed farms in order to record and release footage, which is then used to falsely represent an entire industry rather than address the issues of a single farm.
One type of attack especially pertinent to farmers is the issue of sensor hacking, which can lead to the improper distribution of fertilizers, water, chemicals, or to the disruption of animal welfare monitoring systems.
Certain agricultural businesses may be more subject to cyberattacks than others, such as those in the livestock sector which attracts significant attention from activist, or “hacktivist” groups. Some farmers have had their addresses leaked or even mapped by activists.
Agricultural organizations may even be targeted for intellectual property theft. For instance, certain crop varieties or technologies developed by an organization may be hijacked and used by another entity to gain advantage in today’s highly competitive markets.
With the increasing frequency of cyberattacks, agriculture must shore up its digital defences, especially in light of recent research at Virginia Tech which found that many actors in the agriculture industry have received insufficient training in this area. In one U.S. study by Andrew Geil at al, about half the farmers surveyed (51 per cent) were interested in attending cybersecurity training, but only three per cent had actually attended such training. An Illinois State University survey of 1,500 beginning farmers in Illinois showing that 34 per cent of them were interested in attending cybersecurity training, and 10 per cent had actually attended such training.
Focus on versatility
Agricultural production is already susceptible to unpredictable circumstances, such as weather, but as farms become more technologically complex, the potential for significant disruption due to cyberattacks is increased for all actors and stakeholders. Moreover, the risk of on-farm cyberattacks is not distributed equally within the industry, with some sectors being targeted more frequently and some farms less financially equipped to invest in appropriate safeguards.
Loss of access to critical data and systems are among the primary risks facing farmers. Data may be hijacked, erased, stolen, or manipulated. Poultry monitoring, automated milking, self-propelled tractors, watering and fertilization, or cough detection in a pork finishing barn are examples of systems which may be disrupted, leading to production and revenue losses and perhaps even food supply issues.
Through Farm Management Canada’s AgriShield platform, farmers can work towards creating a comprehensive risk management plan for their farm. Go to the AgriShield website at myagrishield.ca
In the case of stolen intellectual property, as mentioned above, the impacts may be even broader if the company’s competitive advantage is lost.
What does it mean for farmers?
Today’s farmers must include cybersecurity in their risk management plans. Ensuring proactive risk management can build resilience to cyberattacks, limiting the potential for data and production losses. Should a cyberattack take place, well-prepared farmers should know what resources are available to them in the event a data security breach or if their farming systems are compromised.
Farmers already face significant pressure to plan for and adapt to the ever-changing landscape of the agricultural industry. The topic of cybersecurity is intimidating for most people, but making time to develop the farm’s resilience to cyberthreats can limit potentially significant damages and frustration.
What does it mean for farmers?
Farmers can manage cybersecurity risks by taking proactive measures to ensure the integrity of their data or by knowing to whom they should turn to resolve any issues which may occur as a result of a cyberattack. Working with industry partners to ensure that security systems are up to date should be a key first step. Farmers should also do the following:
- Never provide private financial information to an unverified entity
- Use multiple layers of authentication (such as multifactor authentication)
- Backup your documentation and data
- Advocate for greater cybersecurity protection within their own social and professional network
- Advocate for greater cybersecurity protection within their own social and professional network
- Install a combination of cybersecurity tools, antivirus and malware protection software, encryption, VPN
- Seek cybersecurity training
- Find a cybersecurity support contact
- Identify vulnerabilities in your organization
- Regularly ensure systems and software are kept up to date
Building cybersecurity into your farm business plan or risk management strategy will limit your exposure to the risk of cyberattack while also reducing the stress and confusion that may occur after such an attack has taken place. This is important not only for the farm’s productivity and profitability, but also to protect the supply chain at large.
Through the AgriResponse website, Farm Management Canada provides a forum to ask questions about risk management in agriculture and publishes articles on emerging risks and management strategies. Go to the AgriResponse website at agriresponse.ca