Cybersecurity is the biggest issue ag has faced in decades.
While it may seem overwhelming or expensive to implement necessary cybersecurity policies, it must be done. Disruptions at the producer level ripple outwards, affecting the supply chain, the consumer and ultimately the U.S. economy.
At the recent National Grain and Feed Association (NGFA) Country Elevator Conference (CEC) held in December in Chicago, agribusiness experts discussed “Cybersecurity and Ag.”
In today's agricultural industry, there are many great digital products that keep us moving forward and connecting us on a deeper level than previous generations. But those same products are also putting us more at risk.
Experts noted that cybersecurity issues may seem complex, but often it’s the simple things that cause security breaches. Over 90% of malware that infects a business comes through an employee opening an email containing a virus.
The key to this threat is to not panic but be aware and think ahead.
The time to start is now
Sarah Engstrom, CISO and VP IT security, productivity and privacy, CHS Inc. notes cyberthreats seem to have gotten worse in the last 18 months. If you haven't invested, now is a good time to start.
"Some of you may have already experienced a cyber threat," says Engstrom. "The saying is, 'It's not if, it's when.' Be prepared."
Cybersecurity is a team sport and everyone needs to work together. She notes the U.S. government agency, Cybersecurity and Infrastructure Security Agency (CISA) provides free services to organizations, including assessments and documentation, to help prepare for that bad day a cyber breach happens.
Engstrom notes there are cybersecurity templates, found simply by googling, that can help you lay out your response to a threat. These templates, she says, can help you identify resources within your company as well obtain insurance that may help with a threat.
"Keep in mind," she notes. "Insurance providers are stepping it up. They're asking questions and have expectations that you'll have a plan, so you do have to be prepared."
You may need to have a third-party technical team or an internal IT department, and if you don't have one, Engstrom says start building one now.
Engstrom also noted that bad actors have three ways that they wreak havoc on an organization:
- Email insecurity -- Email security is critical. Use Multifactor Authentication (MFA) to secure email (See box: What is Multifactor Authentication?)
- Software vulnerability -- Make sure software is patched and up to date on each device -- cellphone, tablet, laptop -- that is used
- Remote access -- How employees access your information remotely should be secured
Some easy steps to get started
Jim O'Conner, CISO, Cargill, says being prepared for a cyber event is critical. Whether it's a data breach or the entire system going down.
"Being prepared is crucial," he says.
O'Conner notes several steps to start your cybersecurity preparation.
First, understand your technology environment. "All our operations are dependent on technology," he says. "What devices are used? What's the software? You have to know what you’re dealing with. What is the scope of your technology?"
Second, test your environment. Ask questions. What are the steps if something goes wrong? Who's in charge? Who do you call first?
"Start small," says O'Conner. "Go through drills and scenarios and understand how you would react in each one. Where would you start?"
Third, keep your software patched and up to date to lessen risks.
And fourth, keep email security top of mind. Everyone needs to help protect the business, and with over 90% of malware entering a system because an employee clicks a link or opens an attachment in an email, all users should be educated on the risks.
"Don't even let it get in," he says. "Invest in strong email security. You can mitigate a large amount of risk with minimum dollars by keeping your email secure."
Six basic steps for prevention
In 2021, there were 500 million attempts by bad actors to access corporate data, which is a million and half attempts each and every day, says Lee Gleason, vice president of sales, ProValue Insurance.
He notes there are six basic prevention steps to ensure the security of your data and keep it out of the hands of cyberthieves.
- Have an incident response plan
- Securely back-up your data
- Implement multifactor authentication (MFA)
- Paste and update software regularly
- Use endpoint detection and response (EDR) software
- Employee training
"Employees are on the front line, you have to continue to educate, educate, educate," says Gleason.
Gleason notes cyberthieves continue to develop new ways to get your information. Today, it's shown that MFA can block 99.9% of account compromise attacks.
"Last year, 94% of ransomware victims investigated did not use MFA," he says.
Beyond these steps, experts suggest investing in a cybersecurity insurance plan. Given the rash of recent incidents, however, providers have heightened expectation for their customers. A cyber event comes with many costs: legal, network damages, business interruption, ransom payments and reputation.
WHAT IS Multifactor Authentication (MFA)?
MFA is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity.
Each piece of evidence must come from a different category: something they know, something they have or something they are.
For example, MFA could be using a password together with a code sent to your smartphone to authenticate yourself. Another example is using a combination of a card (something you have) and a PIN (something you know).
RELATED READING
Cybersecurity: Does Your Grain Business Need a CISO?
