Cybersecurity in Agriculture: Why ‘We’re Too Small to Hack’ Is a Dangerous Myth
“I don’t need to worry about cybersecurity. No one cares about agriculture — and especially my operation. We’re just a small business or farm. Nobody really cares about us.”
I hate to think how many times I’ve heard this response when I ask agricultural businesses about cybersecurity.
Really?
Let’s go back in time to when precision ag was in its infancy. I would talk with customers about implementing an online backup system. You would have thought I’d asked for their firstborn. The response was almost always the same: They could not — and would not — connect a phone line to their computer (the way computers accessed the internet at the time). Just in case.
Fast forward to today and it’s still “no big deal.”
Again … really?
The reality is that agriculture has already been a target of cyberattacks. Several ag companies have been hit and became serious enough that in 2022 the FBI issued a cybersecurity alert for U.S. agriculture — also referencing Australia and the United Kingdom. The alert was specifically tied to several critical infrastructures, and agriculture is one of them.
Did you still say it’s no big deal?
One statistic I came across showed more than 70 cyberattacks on agricultural organizations since 2021. That number alone should make anyone pause.
Why agriculture?
Agriculture is a foundational industry in North American economies. While it may not be as much as it used to, agriculture has historically been an economic indicator — and it still impacts countless other industries. This includes freight and logistics, supply chains, food and beverage, foreign trade, and inputs into manufacturing and energy. And that’s just at the macro level.
Zooming in to a more micro level, let’s look at precision agriculture. For years, the industry has debated data ownership. Who owns the data? Who controls it?
The truth is simple: Hackers don’t care who owns it. If they get access to the data, they can get control. And suddenly, “knowledge is power” takes on a whole new meaning. We’re no longer talking about information. We’re talking about operational control.
The impact of a cyberattack can range widely. For some, it’s a nuisance — like a grain elevator that can’t access its grain software for marketing or contract management. The company might have had to revert to paper tickets until the issue was resolved. Business continued, but in grain marketing, that kind of disruption costs time and money.
For others, the damage can be far more severe.
The domino effect hits the business, their customers, their suppliers, and everyone connected to them. Data security is gone. Hackers now have access to operations, proprietary data, intellectual property, and customer information. And the dominoes just keep falling.
Cybersecurity is no longer optional. It’s a must-have for every operation — even on the farm.
Be careful with strange emails. Phishing attacks prey on fear, emotion, and urgency. All three prey on one thing: We don’t think, we react. When I failed those email tests, it was usually because I thought something was urgent or I was in a hurry and clicked without slowing down and thinking. Next thing I knew, I was retaking cybersecurity training … again.
But not all hacks start with email.
I know of a case where hackers shadowed an accounting employee over time, learning how they communicated, how they wrote, and how they interacted with coworkers. Once they felt confident, they sent an email to the company’s Accounts Payable Department requesting an ACH change, complete with a link. The message sounded just like the employee.
It might have felt a little off — but familiar enough that it was approved.
Fortunately, safety protocols caught the issue before money changed hands. No loss occurred, but just like that, hackers could have walked away with a significant amount — and no one would have been the wiser.
The takeaway from all this? When it comes to cybersecurity, questioning everything is a good thing. Slow down and realize not every email needs an immediate response. Make phone calls before approving system changes. Verify — don’t assume.
The biggest thing to realize is this: Hackers are already working in agriculture.
And your cybersecurity? It’s a very big deal.
Subscribe Today For
