Jan 05, 2022

Cybersecurity: How to Prepare for an Attack

The time to start preparing your feed and grain facility for a data breach is now, says this panel of experts

Cybersecurity is the biggest issue ag has faced in decades.

While it may seem overwhelming or expensive to implement necessary cybersecurity policies, it must be done. Disruptions at the producer level ripple outwards, affecting the supply chain, the consumer and ultimately the U.S. economy.

At the recent National Grain and Feed Association (NGFA) Country Elevator Conference (CEC) held in December in Chicago, agribusiness experts discussed “Cybersecurity and Ag.”

In today's agricultural industry, there are many great digital products that keep us moving forward and connecting us on a deeper level than previous generations. But those same products are also putting us more at risk.

Experts noted that cybersecurity issues may seem complex, but often it’s the simple things that cause security breaches. Over 90% of malware that infects a business comes through an employee opening an email containing a virus.

The key to this threat is to not panic but be aware and think ahead.

The time to start is now

Sarah Engstrom, CISO and VP IT security, productivity and privacy, CHS Inc. notes cyberthreats seem to have gotten worse in the last 18 months. If you haven't invested, now is a good time to start.

"Some of you may have already experienced a cyber threat," says Engstrom. "The saying is, 'It's not if, it's when.' Be prepared."

Cybersecurity is a team sport and everyone needs to work together. She notes the U.S. government agency, Cybersecurity and Infrastructure Security Agency (CISA) provides free services to organizations, including assessments and documentation, to help prepare for that bad day a cyber breach happens.

Engstrom notes there are cybersecurity templates, found simply by googling, that can help you lay out your response to a threat. These templates, she says, can help you identify resources within your company as well obtain insurance that may help with a threat.

"Keep in mind," she notes. "Insurance providers are stepping it up. They're asking questions and have expectations that you'll have a plan, so you do have to be prepared."

You may need to have a third-party technical team or an internal IT department, and if you don't have one, Engstrom says start building one now.

Engstrom also noted that bad actors have three ways that they wreak havoc on an organization:

  1. Email insecurity -- Email security is critical. Use Multifactor Authentication (MFA) to secure email (See box: What is Multifactor Authentication?)
  2. Software vulnerability -- Make sure software is patched and up to date on each device -- cellphone, tablet, laptop -- that is used
  3. Remote access -- How employees access your information remotely should be secured

Some easy steps to get started

Jim O'Conner, CISO, Cargill, says being prepared for a cyber event is critical. Whether it's a data breach or the entire system going down.

"Being prepared is crucial," he says.

O'Conner notes several steps to start your cybersecurity preparation.

First, understand your technology environment. "All our operations are dependent on technology," he says. "What devices are used? What's the software? You have to know what you’re dealing with. What is the scope of your technology?"

Second, test your environment. Ask questions. What are the steps if something goes wrong? Who's in charge? Who do you call first?

"Start small," says O'Conner. "Go through drills and scenarios and understand how you would react in each one. Where would you start?"

Third, keep your software patched and up to date to lessen risks.

And fourth, keep email security top of mind. Everyone needs to help protect the business, and with over 90% of malware entering a system because an employee clicks a link or opens an attachment in an email, all users should be educated on the risks.

"Don't even let it get in," he says. "Invest in strong email security. You can mitigate a large amount of risk with minimum dollars by keeping your email secure."

Six basic steps for prevention

In 2021, there were 500 million attempts by bad actors to access corporate data, which is a million and half attempts each and every day, says Lee Gleason, vice president of sales, ProValue Insurance.

He notes there are six basic prevention steps to ensure the security of your data and keep it out of the hands of cyberthieves.

  1. Have an incident response plan
  2. Securely back-up your data
  3. Implement multifactor authentication (MFA)
  4. Paste and update software regularly
  5. Use endpoint detection and response (EDR) software
  6. Employee training

"Employees are on the front line, you have to continue to educate, educate, educate," says Gleason.

Gleason notes cyberthieves continue to develop new ways to get your information. Today, it's shown that MFA can block 99.9% of account compromise attacks.

"Last year, 94% of ransomware victims investigated did not use MFA," he says.

Beyond these steps, experts suggest investing in a cybersecurity insurance plan. Given the rash of recent incidents, however, providers have heightened expectation for their customers. A cyber event comes with many costs: legal, network damages, business interruption, ransom payments and reputation.

WHAT IS Multifactor Authentication (MFA)?

MFA is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity.

Each piece of evidence must come from a different category: something they know, something they have or something they are.

For example, MFA could be using a password together with a code sent to your smartphone to authenticate yourself. Another example is using a combination of a card (something you have) and a PIN (something you know).

RELATED READING
Cybersecurity: Does Your Grain Business Need a CISO?

Lisa Cleaver

Recently Added to Buyer's Guide

Bovizyme™ GA Enzyme

  • Enzyme solution that improves starch digestion efficiency for non-steam flaker feed yards
  • Improved feed efficiency through increased bodyweight gain and lower feed intake

VersaMix Triple Shaft Mixers

  • For mixing applications requiring efficient powder dispersion and critical homogenization of medium to high viscosity slurries, pastes, gels, creams and suspensions
  • High-shear mixer with solids/liquid injection manifold (SLIM) technology rotor/stator

GUC-F Controller

  • Multichannel feeding and dosing controller
  • Control solution for feeding and weighing applications in powder handling applications
  • Flexible and modular design with analog and digital load cells

ProFlo

  • Offers accurate and reliable continuous mass flow measurement of bulk solids with an accuracy of +/- 0.5% full scale
  • Measures mass of flowable solids with densities of 10 to 100 pounds/cubic foot and flow rates from 700 to 7,000 cubic feet/hour

Hydro-View

  • 10.1” touchscreen
  • Easy to install in new or existing systems

Sanderson Farms Feed Mill Expansion - Kinston, NC

  • Construction of a whole grain silo expansion (76’ diameter x 145’ tall) to hold 500,000 bushels
  • Expansion also includes a 12’x17’x22’ deep boot pit extension at the end of the existing receiving tunnel

Magazine

Marketwatch: Jan, 27

US Corn Price Idx: ZCPAUS.CM

open: 6.0509
high: 6.1392
low: 6.0271
close: 6.1307

US Soybean Price Idx: ZSPAUS.CM

open: 13.6827
high: 13.9874
low: 13.6618
close: 13.954

US Hard Red Winter Wheat Price Idx: KEPAUS.CM

open: 8.0183
high: 8.0333
low: 7.8538
close: 7.9653

US Soft Red Winter Wheat Price Idx: ZWPAUS.CM

open: 7.6378
high: 7.6553
low: 7.4777
close: 7.5549