KANSAS CITY, MISSOURI, US – While the age of Information Technology has benefited agribusiness in myriad ways, an anonymous group of bad actors continues to threaten the industry in ways that perhaps weren’t envisioned when the World Wide Web was first introduced as a widely available technology in the 1990s.
A report from CrowdStrike in 2021 noted that of the 160 computer hacking groups that the company tracks, 13 were identified as targeting the agriculture industry. The US Federal Bureau of Investigation reported that at least eight hacks of agriculture companies occurred in the United States in 2021, including grain cooperatives in Iowa and Minnesota that were partially shut down for several weeks as the ransomware hackers demanded seven-figure payments to end their hacking operation.
The threat appears to be growing, with ransomware costs totaling an estimated $6 trillion (yes, trillion, with a t), according to Cybersecurity Ventures. And with geopolitical tensions boiling over, the threat of state-based cyberattacks on other nations, which could include their agricultural assets, has never been greater.
Speaking to North American grain elevator managers at the 2022 GEAPS Exchange in Kansas City, Dan Hanson, senior vice president of management liability and client experience for Marsh & McLennan (MMA), warned that the global agricultural supply chain is a prime target for cybercriminals.
He emphasized that it’s not just the Fortune 500-type firms that are targeted. In fact, more than 60% of the cyberattacks in the United States are on small- and mid-sized companies, including some that have faced devastating consequences for not spending adequate time and resources on cybersecurity. The US House of Representatives Small Business Subcommittee on health and technology recently reported that 60% of small businesses (defined as 100 employees or less) fail after a cyberattack. However, a recent MMA survey of agricultural companies found that only 56% of respondents ranked cybersecurity as a top-five risk management priority. Eighty-two percent believe they are prepared to prevent a cyberattack, yet only 45% said they had a plan in place. Even more troubling is that 87% of all agribusinesses surveyed did not have a contingency plan to manage security breaches.
Agribusiness, which traditionally has excelled in business strategies focusing on production, safety and efficiency, must make security — with a heavy emphasis on cybersecurity — a greater priority. It should no longer be viewed as a luxury but a necessity, as ransomware and other cyber threats are only going to increase in the coming years.
Hanson emphasized that cybersecurity isn’t only an IT function; it’s a way of doing business that must start at the executive level and filter through an entire organization. That means continuously educating employees on how to handle text and phone scams, phishing emails and ransomware threats. It also requires significant expenditures to make sure computer system defenses are updated, firewalls are installed, data is backed up and endpoint protection software is utilized.
Failing to take these cybersecurity measures would be penny wise and pound foolish.
Arvin Donley is editor of World Grain.