Top 6 Questions (and Answers) Every Agribusiness Should Be Asking About Cyberattacks and Data Security
Editor’s note: At the recent Tech Hub LIVE Conference and Expo, Michael Moore, Executive Vice President, EFC Systems, presented an informative session titled “The Anatomy of a Ransomware Attack”. Michael has received many questions on this hot topic over the past year. In the following article, he provides some of the most commonly asked questions, including solutions and answers to each of them.
Cyberattacks are an ever-growing threat to thousands of organizations and businesses worldwide and the ag industry is a top target these days. In fact, experts estimate that a ransomware attack will occur every 11 seconds. With that in mind, here are the most common questions — and answers — on cyberattacks and data security that will quickly educate you on the subject.
- Is the ag industry a target for cyberattacks? Not only is ag a target, but it is an easy target regardless of size. On average, ag retailers allocate about .6% of gross revenues towards their technology budgets. Underspending on technology makes it extremely challenging to install the necessary lines of defense to protect technical resources and opens the door for threat actors to enter your environment. As a comparison, businesses outside of ag allocate 2%-5% of gross revenues towards their technology budget and actual amounts vary based on company size and industry. The increased technology spend allows for advanced tools to be installed that ultimately protect business applications and help secure sensitive data. While purchasing equipment and upgrading facilities are more exciting topics when budgeting, remember to allocate the necessary funds to your technology budget to defend against the threats of today.
- How do cyberattacks occur? Roughly 91% of cyberattacks originate from individuals clicking on embedded links in enticing emails that are commonly referred to as a phishing email. Once activated, harmful tools are installed on source systems that ultimately provide a gateway for threat actors to encrypt computer systems and hijack sensitive data. We all play a vital role in reducing the spread of cyberattacks by bringing awareness of phishing attempts. Incorporating phishing training and simulation services will educate your team members on the undesirable consequences that successful phishing attempts deliver and will provide insights on which individuals are more prone to respond. Phishing training and simulation services are a cost-effective way to reduce risk through education and has significant ROI. So, think twice before clicking on that link in an email and be sure to validate unexpected emails before acting.
- What happens during a cyberattack? It is common for tools installed by threat actors to go undetected for weeks or months so that critical systems and sensitive data can be identified for encryption at a future date. Once complete, threat actors will encrypt data and a systematic process to shutdown systems will occur. It all starts with one user reporting some sort of cyber notice, which quickly spans throughout the entire network. Access to various systems for accounting/financial, agronomy operations, email, and other mission-critical applications are all unavailable. Eventually, a ransom notice will surface and a request to negotiate a price to restore access to systems and data will occur. During this time technology teams should be following their Incident Response Plan (IRP) to assess the damage, determine system restore points, bring up new systems on a clean network, clean infected devices, and transition from electronic to a manual/paper path to continue to serve customers. It is common to engage with outside firms for legal, forensics, and negotiation services, especially for those with cyber insurance coverage.
- Why should I be concerned about cyber threats? The first obvious reason why cyberattacks should be concerning is generally all systems are unavailable during an attack, which creates operational challenges for every part of your organization. The second and less obvious reason is the exfiltration of data from your network can be sold on the dark web potentially exposing your customers and team members. Threat actors target sensitive data from HR and finance teams, so it is a good practice to encrypt, or password protect files that contain sensitive data to add an additional layer of protection.
- Do the above-mentioned items make you a little nervous about the current state of your network? Are you now asking what is the best path to secure your technical assets? If so, the FBI has a few resources that provide general information on the topic. The best low-cost option to determine your risk factor is to apply for a cyber insurance policy. Even if you do not intend to purchase a cyber policy, the process will provide valuable insights into the health of your systems as you complete the multi-page questionnaire that defines the current state of your network. The questionnaire will identify technology gaps within your environment that should transition to a prioritized project list to factor in your budget cycle. A few high-priority items will likely filter out throughout the process and immediate action should be taken in the event the insurance company is unwilling to extend a cyber policy.
- What are simple, yet effective ways to protect technical resources? Multi-factor authentication (MFA), Endpoint Detection and Response (EDR), and backups that are encrypted and detached from the primary network should be top priorities. MFA requires a two-step process to authenticate to various applications and is a good path to eliminate unauthorized access to systems. EDR solutions are antivirus on steroids that helps defend against potential threats while disabling systems with suspicious activity to reduce the spread of harmful tools throughout your network. Most insurance companies will not extend a cyber insurance policy without MFA, EDR, and encrypted backups and this should be a top priority to help mitigate cyber threats in your organization.
As cyberattacks are on the rise, a security-first mindset will help bring awareness across your organization. Taking the steps to review your incident response plan and align your budget with technical gaps will provide a roadmap to help mitigate potential cyber risk.