Ransomware, Scams, and Having a Plan

Navigating the Digital Landscape in Agriculture

Over the past two decades, cybercrime costs have soared from $17 million in 2001 to $10.3 billion in 2022. Agriculture is not immune to this as cyberattacks against the food and agriculture sector increased by 607 percent in 2020. Michael Gregg, Chief Security Officer in the State of North Dakota, spoke at the 2023 Bushel Buddy Seat Conference on real, practical tips agribusinesses can take to mitigate the risks and impacts of cyberattacks.

Here are some examples of how cybercriminals are getting access to account and financial information:

Fake websites 

• Gregg showed an example from the U.S. Postal Service, where more than 450 workers lost more than $1 million in a direct deposit scam. After creating a fake, spoofing website that mimicked the USPS payroll system, these employees were tricked into providing usernames and passwords that allowed the cybercriminals to log into the real system and reroute paychecks.

Business email compromise 

• This is one of the fastest-growing cybercriminal activities. It goes after the business relationship you have with your vendors and suppliers. Through phone calls and emails, threat actors can convince you or your staff to change billing routing information or disclose personal details that give access to accounts. Once the cybercriminals access these funds, they are swiftly withdrawn and lost.
  
  In 2022 the Internet Crime Complaint Center reported that business email compromise cost organizations $3.5 billion. This is on the rise in agriculture as well. In 2021, 12% of business email compromise targets were in the category of process manufacturing and agriculture. 

Ransomware

• Ransomware, a type of malicious software, blocks access to a computer system or data, usually by encrypting it until a ransom is paid. The threat of ransomware can severely disrupt operations, from production schedules and supply chain management to financial records, necessitating prompt and knowledgeable cybersecurity actions. Since 2022, there has been an 85% increase in ransomware attacks, with an average of 4,000 occurrences daily. The repercussions of ransomware attacks can include the exposure of confidential information, loss of access, financial losses, damage to reputation, time spent on incident response management, and cleanup costs.

Preventative Measures

Fortunately, there are ways that agribusinesses can protect themselves from cyberattacks. 

“Upfront, right now, is the right time to have a plan. Just like winter in Bismarck, do you have the supplies in your car for the winter? This is the same way. Are you prepared for these types of events?” Gregg noted. 

An incident response plan is a documented strategy outlining steps and procedures an organization follows to detect, respond to, and recover from cybersecurity incidents, minimizing damage and recovery time.

Gregg mentioned a few different ways to ensure better cyber hygiene - changing and working on business practices to keep systems safe. Password management and employee training are two key ways to improve cyber hygiene - changing and working on business practices to keep systems safe. Password management and employee training are two key ways to improve cyber hygiene.  

Gregg also referenced CIS 18 Core Security Controls as one way to start improving the management of systems and processes to reduce cybersecurity risk. Gregg mentioned that implementing the first 10 controls on the list could result in an 80% reduction in risk. 

“You have to have continued diligence on this. It starts with the basics,” Gregg said. “We have to work to improve our security posture. There’s a lot we’re already doing, but we can always do more.”

‍