Be vigilant

Criminals traditionally defrauded farms and agribusinesses by chance. Now, they’re taking a more targeted approach to hit the agriculture sector where and when it’s most vulnerable.

Fortunately though, cyber threat awareness, along with the number of tools helping reduce vulnerability, are improving.

Joel Bouvier, director of cybersecurity for Farm Credit Canada, says most cyberattacks and associated instances of fraud still begin with compromised emails. But increasingly, fraudsters then use those compromised systems to take actions such as sending invoices to people associated with the compromised business.

In such cases, those receiving the invoice from what they consider to be a trusted source are at risk of forwarding funds to the unscrupulous actor.

“A big shift in trends in recent years is attacks on supply chains,” Bouvier says. “We’re definitely seeing more targeted attacks. It used to be opportunistic, where they would blast wide emails and hope to catch someone. Now they’re doing reconnaissance to understand their targets.”

The use of malware, software designed to compromise and lock down entire systems, is also more common than ever in agriculture, with hackers increasingly targeting businesses at critical times of year. For example, knocking out a grain elevator system during autumn harvest ensures maximum pressure on the victim directly, and indirectly on customers reliant on the system.

The increasing connectivity of modern production machines also raises the potential entry points for hackers.

“For equipment in general, software in modern equipment really should be up to date,” Bouvier says. “But you should also be aware of how it’s connected. A lot of vendors follow a practice of using a default password across all hardware. You should not be using those default passwords. And turn off remote access if you’re not going to use it.”

As the digital threat landscape changes, Bouvier says increased reporting from victims of cybercrime and fraud both helps raise awareness and lower the stigma of falling prey to cybercriminals.

He adds the basics of cybersecurity – keeping strong passwords, using two-step authentication, and so on – are more applicable than ever. Password managers can help maintain complex passwords, but in a way that is convenient to use.

Cybersecurity insurance is also available, a valuable tool for preventing loss and stress should the worst happen. Premiums are often based on how secure your organization is; some also cover business interruption. Insurance may also provide some financial coverage during those outages.

Bouvier recommends the Canadian Centre for Cybersecurity, calling it a “powerful resource where people can report cybercrime, and access information on what different threats look like, to better know what to watch out for.”

Bouvier says the Centre has excellent guidance for businesses of all sizes. It identifies the types of controls you should have, based on the size of your operation or organization. “If people don’t know where to start,” he says, “it gets them informed on what they should be doing.” •