Cyber Threats to the Agriculture Sector

"...... There are Over 120 Data Variables Per Cow Per Day. The More Your Business Depends on Data, The More You Have to Secure It. Data is The Lifeblood of Your Business. CyberPrism Can Help You Identify The Risks to Your Organisation and Help You Manage Them, Especially in the Supply Chain. Get Ahead of The Bad Guys, Be Smart and Manage The Innovation. Managing Cyber Risk Effectively Can be a Business Differentiator."
Paul C Dwyer CEO - Speaking to the Board of a Major Agriculture Enterprise


Cyber Crime Sets its Sights on Agriculture

Increasingly sophisticated and professional cyber criminals are turning their sights on the agriculture industry and many people are not set up to protect themselves.

Cybercrime is a serious problem for all industries and sectors, but some are better prepared than others. As digital transformation sweeps across the agricultural industry, many businesses are leaving themselves open to risks that they don’t fully understand. This is a major problem because cyber criminals are looking for sectors and organisations which are digitally exposed and which might not have built adequate defences. For this reason, agribusiness looks ripe for the taking.

Targeting Agriculture

Earlier this year HSBC issued a stark warning to farmers about the risks of cybercrime. Criminals, they said, were specifically targeting the sector. They exhibited plenty of knowledge about the workings of agriculture and were likely to attack at times when farmers would significant revenue coming in, such as when they have received the basic payment. They know the business and pick times when their targets might be busy or distracted. Losses here, therefore, could prove catastrophic.

Farmers, they said, were being targeted by several main types of fraud in particular.

  • Business email: By impersonating a person the farmer may know and trust the fraudsters try to email accounts team and convince them to make an urgent payment or to change their account details.
  • Text and phone scams: Phishing calls and scam texts are easy and cheap for cybercriminals. They attempt to trick targets by divulging personal information or selecting a link which then downloads malware.
  • Phishing emails: A phishing email is designed to look real but trick you into entering your account details or downloading malicious software. Many of these emails are relatively easy to spot, but more recently attacks have become much more convincing. Fraudsters can now convincingly mimic the branding and content of well-known organisations which means many people will trust them.

Malware takes many different forms and is developing all the time. Trojan horses piggyback on other seemingly innocent looking programs. For example, you might download a game and start playing it, but remain blissfully ignorant of the malware which has come along with it.

Adware attempts to spam your browser with advertisements while ransomware literally holds a computer system hostage. It aims to deny service, locking you out of your system and only returning access once a ransom has been paid.

Why the Agricultural Industry?

So, why are fraudsters targeting the agricultural sector? The answer lies in the growing digitisation of the sector. Like many industries, agriculture is undergoing a digital revolution powered by big data.

At the thin end of the wedge, existing paper trails have progressively been moved into the digital realm, which means farms routinely have substantial amounts of important documents and communications stored in digital formats. It has become increasingly dependant on readily available confidential data which makes it vulnerable.

Beyond that, digital technology is transforming agriculture everywhere you look. Computers, robots, sensors and big data analytics are driving decision making in the search for higher and more sustainable yields. Farms are driving towards a concept of precision agriculture, a data driven methodology for optimising crop production. Key areas include soil sampling, yield monitors and maps, GPS guidance systems, satellite imaging and automatic section control.

A report by Goldman Sachs states that Precision agriculture can increase expected yields and could prove crucial in feeding the world in the coming decades. New technologies, estimates their report, will allow for 70% increased yields from existing agricultural lands, which could translate to a market of $240bn by 2050. It does all this by helping farmers achieve more sustainable production. It is the solution governments and the agricultural industry has been looking for, something which to improve environmental performance while maintaining or even improving economic performance.

Process automation is firstly taking the human element out of tasks and secondly generating huge amounts of data. Automated milking, for example, is growing rapidly and estimates suggest around half of all dairy cows in Europe could be automatically machine milked by 2050.

There is also added value in the data generated. Automated milking machines generate a huge number of variables with each cow. All that data can drive further insights and help farmers to optimise their operations.

IoT Revolution

Internet of things technology (IoT) is driving connectivity of objects and devices across the agricultural sector. Bi Intelligence states that the number of IoT devices on farms is growing at an annual rate of 20% and could hit 75 million by 2020. These can deliver hitherto unseen insights and details on farming which helps to optimise decision making.

For example, smart climate monitoring uses sensors placed around the farm which it then sends to the cloud. This data can be used to map weather conditions and choose appropriate crops. It can also store historic data allowing farmers to extrapolate trends and adjust growth strategies accordingly.

When used within greenhouses, sensors can adjust climatic conditions to ensure optimal growth of plants, while crop management sensors can track temperature, precipitation and other variables This can be used to extrapolate trends, monitor crop growth and plan ahead.

Smart agricultural sensors can also be attached to livestock to monitor their conditioning. It can measure health, nutrition and activity to provide real-time data on the health and condition of each and every cow.

Farmers are also turning to GPS technology to track movements of vehicles and livestock. Systems connect to a cloud-based platform which can give farmers real-time views of the location of their livestock at any one time. Their movements can be tracked and stored as historic data to monitor changes in behaviour, issue alerts if there are any problems, and to streamline herd management processes. By doing so it helps farmers with the management of their herds while reducing their administrative costs.

Robots and AI are also becoming increasingly influential. The global market for agricultural robots is expected to grow to almost $20bn by 2026 with North America spearheading growth. The main application is currently spraying, weed control and automated harvest, but as this technology evolves it is being used for autonomous processes such as seeding and automatic navigation of vehicles in the field.

Sensors enable farmers to gain data from the entire product lifecycle through automated ID tags. This can see everything about how they are moved, stored and preserved throughout the product life cycle.

Protecting Data

All that innovation is highly beneficial, but it comes with a risk. Agribusiness is becoming increasingly reliant on IT systems with 100% availability being mandatory. Even a relatively short outage can be damaging. Individual organisations are highly dependant on chains and networks which makes it extremely difficult to manage risk. Every defence is only as strong as its weakest link and, in an environment which is so heavily networked, a weakness in a third-party can put your own systems at risk.

This is even more important in the world of GDPR in which control over data may be surrendered to third parties, but responsibility for its safety stays with the owner of the data. As such, if data belonging to customers or business contacts were to be leaked because of a problem with the third party, you could still be held liable.

Software can be a significant vulnerability. This is crucial to the digital infrastructure of the agribusiness industry but it can leave it open to attack. Cybercrime is evolving constantly and software packages often struggle to keep up. It’s a game of cat and mouse. The criminals develop an approach which breaches defences and defenders adjust their approach accordingly. Software requires constant updating to avoid cracks in the system opening up. Unfortunately, many software packages do not make it easy to update protections and every minute they go without an update represents an opportunity for the crooks.

Most of all, though, cyber criminals look at the agricultural industry because many organisations are uniquely vulnerable. Larger corporations may have implemented effective defences, but smaller companies and farms might lack the time, resources and sometimes the inclination to design adequate cyber defences. Budgets are tight and it is easy to view cyber security as a non-urgent expense.

Furthermore, they may not have the financial resources to tolerate downtime which makes them particularly vulnerable to denial of service attacks such as ransomware. If it’s a choice between a catastrophic interruption to operations and paying a ransom, most business owners will make the payment and the criminals know it. Even larger firms may struggle to recruit individuals with the required expertise and to develop a comprehensive defence system. Large organisations have a lot of real estate to defend and many opportunities for weaknesses. Just one weakness somewhere in the chain can open the door to criminals.

Fighting the Criminals

The industry, therefore, is more vulnerable than most to attack but such is the promise of technology that the benefits outweigh the risks. We live in a digital world in which business is increasingly reliant on technology. Those organisations which do not embrace technology risk being left behind in the wake of those who do.

On the other hand, diving into digital innovation can place your business at the spearhead of a rapidly evolving and increasingly competitive market. Organisations, therefore, are driven both by the incentives of what technology can do for them and the fear of what it might do for their competitors.

The only choice, therefore, is to enter the world of digitisation with a clear cyber defence strategy, but this can be easier said than done. The connected nature of digital technology in the agricultural industry means there are many different endpoints to consider. An endpoint is any device which connects into IT systems whether it’s a laptop, tablet or connected equipment. If this is unsecured, it could potentially serve as a way into the system. It’s a bit like a castle having the strongest walls and best defences in the world, but someone leaves a tunnel open at the back.

All devices used will need to be monitored to be sure they are fully secured. This means regulating which devices people use to connect to systems. When employees use their own unsecured smartphones or tablets to log into central systems, they create a potential weakness in the wider network.

So too do your employees. Despite increased awareness about cybercrime and improved defences, employees remain the main threat to data security, either by malicious action or error. All someone has to do is click on an infected link to breach security and evidence suggests security measures within companies are alarming lax. A recent report from Microsoft found that almost half of employees admitted that they had received no security training in the past year while 36% said they had plugged a non-work data device into their computers.

This is a remarkably relaxed attitude despite 44% of respondents saying they had experienced problems with phishing, hacking or other kinds of cyber fraud. Many are failing to update passwords and also admit to recycling old ones. Basic security rules are routinely ignored.

The biggest threat, therefore, is from within. Organisations must accept full ownership of security measures from the top down. They must ensure all employees at all levels are aware of the threats and what’s expected from them. Every worker, from the most senior to most junior, can pose a security risk if they fail to follow guidelines.

Cybercrime is constantly evolving, so it’s also crucial to ensure strategy is reviewed and monitored regularly. It’s the same reason why antiviruses and software solutions provide updates. They are reacting to the changing nature of the threat to ensure their systems are secure. It’s easy to let these updates slide, but it can leave you vulnerable to the latest threats.

This is more than an organisational issue. Agriculture is a global business and makes up a connected network of global players stretching across different continents and regulatory regimes. Each of these territories has its own approaches and infrastructure. This segmentation leaves the wider economy vulnerable to ‘catastrophic attack’ as a report from the Council of Foreign Relations states. Creative thinking and wider intergovernmental cooperation will be vital to bolster cyber defences, but questions remain about who will take responsibility.

Government Action

Governments may also need to re-evaluate the seriousness with which they regard cyber attacks against the agricultural sector. In part this is because realisation is only just beginning to dawn about just how serious the threat against the sector is, but it’s also because it is seen as segmented and not presenting a serious threat to the economy in the same way that a large-scale attack against the financial sector might. However, agriculture controls the supply of food and is increasingly connected. It forms part of a much wider and interdependent network. If that doesn’t represent a threat then it’s hard to think what does.

The time has come, therefore, for all players to sit up and take notice. Data should be protected as the prime resource it is. It’s the lifeblood of the business enabling operations of all kinds to continue. The more a business depends on its data the more it needs to keep that data safe. This can be a bit of a leap for industries which have never felt themselves to be the targets of cybercrime, but the criminals are widening their aim and agribusiness lies firmly in their crosshairs.

C-19 Cyber Resilience Service: