Editor's Note: Each year, DTN publishes our choices for the top 10 ag news stories of the year as selected by DTN analysts, editors and reporters. Today, we begin the countdown with No. 10 looking at how high-tech criminals focus on targets they believe will cave under pressure for ransom, often using exploitation of data and customer identities as leverage to get millions in untraceable cryptocurrency. This year, one of their high-value targets was agriculture.
BIRMINGHAM, Ala. (DTN) -- What were we thinking? At the time our DTN/Progressive Farmer editors began to plan an in-depth report on cybersecurity and America's food supply, there had been no attack on Colonial Pipeline or JBS.
But it was pretty clear there was a problem. Beginning in 2020, when more people were off their corporate networks and remote business became the norm due to concerns over COVID-19, malware attacks spiked. As our first article was wrapping up in 2021, it was almost daily news that this agricultural target or that supplier had been shut down due to malware attacks.
Not only had U.S. agriculture become a high-value target for cyber attackers, but in many cases, the industry was uniquely open to such attacks, due to older systems, a lack of investment in IT security and a growing trend toward connectiveness within the industry as a whole.
During the year, DTN ran a series of stories that tied into work published in Progressive Farmer magazine; we also reported on incidents as they occurred.
We know we haven't seen the end of these attacks, but we are optimistic that 2022 will see more businesses in agriculture prioritize protecting their digital security profiles and building in redundancies to secure the data of users and all those connected supply chains.
LURKING BEYOND THE FARMGATE
You'll never see their faces, but high-tech criminals lurk far beyond the farmgate. Their intent is to cause chaos and financial loss for America's farmers and ranchers. The risk has only heightened as agriculture becomes increasingly digitally interconnected with the country's food supply and transportation networks.
"These attackers used to go after the Amazons and banking institutions of the world, but now they are looking at different companies, specifically those in agriculture and energy," said Sarah Engstrom, chief information security officer and vice president of IT security, productivity and privacy for CHS.
Engstrom is in the IT trenches every day for CHS, a diversified and global agribusiness cooperative organized in 1929, and headquartered in Minnesota. She did not shy away when asked to talk about the challenges large entities like CHS face from cyber-attackers.
"They are looking for targets they believe are more prone to caving under an attack, or to being exploited and not having the proper security resources in place," she said. "We are seeing it, and we are hearing of smaller companies getting pummeled with cyberattacks and ransomware."
FIGHTING CYBERCRIME ISN'T SIMPLE
Fighting cybercrime isn't as simple as installing a new lock and chain. Cybercriminals are high-tech crooks, constantly changing the tools of their trade. It's far from a new line of work.
Considered the first electronic bank robbery by many in law enforcement, Russian computer programmers working out of St. Petersburg hacked into the systems of a major U.S. bank in 1994 and started skimming money. The group made away with more than $10 million before the bank became aware of the intrusion.
IT'S NOT IF, BUT WHEN
Today, for many in IT, a data breach has become more of a "when" than a "what if" scenario. According to the FBI's 2020 Internet Crime Report, the agency received 791,790 cybercrime complaints in 2020, with losses of more than $4.1 billion. That is a 69% increase from year-earlier levels. The FBI reports attackers are increasingly using tools like machine learning, artificial intelligence and even 5G mobile networks to ramp up offenses.
The website GearBrain, which tracks data breaches and hacks, reported that in the first quarter of 2021, the number of people affected by data breaches climbed 564% compared to year-ago levels. The number of compromised companies in the U.S. were up 12% during that same period. The report says the "rise in supply chain attacks is troubling." Some IT specialists believe one reason for the increase has been the increase in employees working from home, where they are not always connected to company computer networks.
One of the most public breaches so far this year has been against JBS USA, a processor responsible for production of about one-fifth of this nation's meat supply. The company was forced to halt slaughter operations in 13 meat processing plants, and reported it paid $11 million to hackers to regain control of its systems. This happened despite reports from JBS USA that it spends more than $200 million annually on IT and employs more than 850 IT specialists around the world.
Agribusiness giants like Archer Daniels Midland Company (ADM) understand the threat hackers pose to their operations.
"We assume we will be a target. That is the safer position to take," stressed ADM president and CEO Juan Luciano, at a Wall Street Journal Global Food Forum.
Luciano explained the company's security is built around strategies for risk management, having redundancies and providing multiple sources for customers. They have a ransomware task force, retain cybersecurity experts and work with employees to create an awareness of common ways hackers gain access to a company.
"We have been in business 119 years. We've been through wars, hurricanes and a pandemic, and we kept 800 plants running and operating," Luciano said. "We own railyards, barges, trucks, ocean-going vessels. We have multiple locations. If you can't go to one elevator you can go to another. We can divert rail or trucking. We are not completely invulnerable, but we feel good about our level of protection."
THERE ARE NO GUARANTEES
Farmers and ranchers are increasingly sharing operation and personal data through a variety of online platforms today. What happens when an online supplier is hacked, and seed or inputs are suddenly inaccessible when they are most needed? What about markets? Transportation networks?
Redundancies and optional suppliers and buyers seem to be one of the best protections available today. Analysts stress the importance of building redundancies into every segment of an operation. In many cases, however, that's easier said than done. Because while the desire may be there to protect, the capital to do so isn't always available.
CHS' Engstrom said smaller companies especially are not always in a strong cybersecurity position often due to limited financial resources.
"In today's digital age, cybersecurity is a necessary place to invest if you are going to take a proactive or reactive posture. It's unfortunate, but many people still have a mindset that you can implement technology, set it and forget it. That is no longer an option. We have to move past that kind of thinking," she stressed.
Asked if precision agriculture and specialty-market data sharing are opening more operations up to potential attacks, Engstrom said the more interconnected we are in agriculture, the more opportunity it creates for cyberattackers.
"What a farmer or rancher can do right now to protect their operations, and their data, is to spend time and thought and have a conversation with any provider that is supposed to be securing their data. Ask if that entity is, in fact, investing in security. Ask them what attacks they can combat, how, and what's on their roadmap to continually mature. There is no going back. There is only asking the right questions and evaluating the security posture of whatever organizations we agree to do business with."
To read more key coverage of this topic from 2021, here are links to just a few of the cybersecurity articles that ran on DTN that led this issue to be one of our top ag news stories of the year:
Cyberattack on Iowa Cooperative Considered Terrorism: https://www.dtnpf.com/…
Food and Ag Sector Vulnerable to Ransomware Attacks:
Ag Corporations Prepare for Battle Against Hackers:
Victoria Myers can be reached at email@example.com
Follow her on Twitter @myersPF
(c) Copyright 2021 DTN, LLC. All rights reserved.