This October marks the 20th year of Cybersecurity Awareness Month, an online safety education initiative presented by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NSA).
With the theme Secure our World, this year’s initiative is offering a program on best practices and simple steps businesses can take to outsmart online outlaws. The National Grain and Feed Association (NGFA) is supporting their efforts by sharing cybersecurity information and program updates to better inform feed and grain businesses and ag cooperatives, which can be targeted by ransomware actors at critical times like harvest season.
A cybersecurity attack is capable of disrupting feed and grain operations, the food supply chain, and can be costly for agribusinesses that don’t take precautions to protect their data.
One of the most successful tactics cyberattackers use is "phishing," or digital messages that appear to be sent from a trusted source in hopes the recipient will accidentally download malware to their device or reveal confidential information. Agribusinesses can avoid these threats by training employees to recognize the signs of phishing and to report them immediately.
How to recognize phishing
Successful phishing emails are easy to spot for the trained eye. Messages often include:·
- Urgent tone with emotionally charged language
- Requests for personal and/or financial information
- Unusual or unrequested file attachments
- Unfamiliar shortened URLs
- Email addresses that are not the same as the sender’s name
If an email seems suspicious or contains several misspellings and poor grammar, it could be a sign of phishing. Do not call phone numbers included in the message, open any attachments or click any links — including an “unsubscribe” button.
Phishing best practices
If a recipient is unsure or believes it could be from a trusted sender, continue to avoid sharing sensitive information or credentials until the source can be verified. First, seek out ways to validate the supposed company or sender. CISA said to visit the company’s website from your own web browser to locate the company’s contact information, or, if the sender is identified as someone you know, call them at a trusted number and confirm whether they sent the email.
If following these steps fails to confirm the message's source, it should be deleted and reported as phishing to your organization’s IT administrator.
CISA also recommended utilizing the “report spam” feature included in email platforms to protect against future attempts from the spammer. If the message appears to be from an organization you conduct business with, they should be alerted about the incident.
3 tips to stop hackers in their tracks
CISA's Secure Our World program offers resources and advice for companies and individuals. In addition to recognizing and reporting phishing, here are three tips to follow to stay safe online.
- Beef up password strength: Simple passwords can be easy for cyberattackers to guess if they have any of your personal information. Avoid this by creating long (at least 16 characters) random passwords that are unique for each site you regularly use. Passwords should include all four character types — uppercase, lowercase, numbers and symbols. Secure password manager programs can also be used to help create strong, unique passwords for each account and maintains and stores them online automatically.
- Take extra steps to boost security: MFA is the second line of defense to a strong password. Enabling multifactor authentication (MFA) significantly limits hackers’ ability to access online accounts, even with the correct password. This step requires a face scan or a code sent via text message in order to successfully gain account access. MFA should be enabled on all devices and platforms that offer it, including email, social media and financial accounts.
- Resist clicking “Remind me later": Regularly updating software is key to ensuring devices have the latest security patches. Turning on automatic updates is one way to stay up-to-date, but if not available, update devices, apps and software — especially antivirus software — every time a notification appears that updates are available. Checking for updates and installing them immediately closes security code bugs and keeps important data secure.
For more information about Cybersecurity Awareness Month and to participate in social media activities throughout October, visit cisa.gov/cybersecurity-awareness-month, staysafeonline.org/cybersecurity-awareness-month/ and follow the hashtags #CybersecurityAwarenessMonth and #SecureOurWorld.
Cybersecurity attacks target grain companies
The FBI, CISA and the National Security Agency (NSA) have investigated ransomware occurrences against up to 14 critical U.S. infrastructure sectors, including food and agriculture, defense, emergency services, government facilities and information technology sectors.
Ransomware attacks against six grain cooperatives reported in 2021 prompted the FBI to issue a Private Industry Notification that ransomware actors may be more likely to attack ag cooperatives at critical harvest seasons and at planting season to disrupt seed and fertilizer supplies.
Two attacks in 2022 directly targeted feed mills and grain processors. In February, a feed milling and other agricultural services provider reported two instances of an unauthorized user gaining access to some of its systems in attempts to initiate a ransomware attack. Both incidents were detected and thwarted before encryption occurred.
In March, during the critical spring planting season, a multi-state company that provides seed, fertilizer, logistics services and grain processing suffered, a Lockbit 2.0 ransomware attack.
While Cybersecurity Awareness Month serves as a timely reminder to stay vigilant in protecting grain and feed operations from malicious actors this harvest season, following these best practices year round is key to long-term security for agribusinesses and their data.
