Changing the mindset about cyber security in agriculture

Only two weeks ago it was reported that Wiltshire Farm Foods was the victim of a cyber-attack that rendered its computer systems unusable. Cyber threats in agriculture are a growing problem and is a conversation we at the Cyber Resilience Centre for Wales are keen to start.




Helping farmers, growers, producers, veterinarians, automation technicians, grain buyers and other professionals in the sector to keep their businesses safer from online threats has never been more important. However, changing how people view cyber security in the first instance is a whole other ball game.


Are online criminals really interested in a small farm in Llansannan run as a micro-enterprise over an agri-farming business with significant turnover in Carmarthen? The answer is they are both potential targets to a hacker because they carry data - and lots of it – contracts, contacts, financial information, performance reports, employee details, the list is plentiful.


And then there’s the high-spec machinery, vehicles and tools that have become so prevalent in agriculture. Technology is a great thing, but it also has very problematic drawbacks when there’s a lack of awareness of how to protect these assets in a digital safeguarding capacity.


A risk analysis report completed by the University of Cambridge earlier this year warned that the future use of artificial intelligence in agriculture comes with substantial potential risks for farms, farmers and food security that are at present poorly understood and underappreciated.


The paper suggests that hackers could exploit flaws in agricultural hardware used to plant and harvest crops, such as automatic crop sprayers, drones and robotic harvesters. This fear is further heightened by the warnings of the UK government and the FBI regarding a growing threat of cyber-attacks in the past year, as well as the possibility that Russian state-sponsored hackers could target supply chains as a vital part of western national infrastructure.


We all keep information about ourselves and our businesses electronically. This is particularly true of the agricultural sector, which makes use of many ‘smart’, internet-connected systems as well as the usual email and accounting packages. These internet-connected technologies have become central to the way we live and do business today. As a direct result, they have become an attractive target for cybercriminals. Therefore, it’s so important to secure all the digital aspects of your business.


Where do you start?

Recognise what digital assets your business has. This means everything from the computer you use to send your emails and run your farm management software, to the automated machinery, security cameras and smart phones which help run your farm. By understanding the digital aspects of your business, you will be better placed to act against common cyber risks.


Consider:

· Is your software up to date?

· Do you have any old machines which are no longer supported – these should be replaced if possible.

· What online accounts do you use? Social media, email, banking, Rural Payments Service, HMRC etc. These need to have strong, unique passwords and enable two factor-authentication wherever possible.

· What data you need to backup and ensure that it is safe! – this is the information that you need to be able to function as a business. Backups should be conducted regularly and stored offline, consider using cloud storage to achieve this.

· Keep your devices secure. Switch on password protection and turn on the encryption product into your operating system (e.g. BitLocker/ Filevault).

· Ensure you and your staff are aware of what phishing is. Most phishing emails or texts rely on the following: authority (pretending to be someone official), urgency (you must respond immediately), emotion (does it make you feel scared, upset, panic?), scarcity (is there a fear of missing out).

· Criminals may know the dates of your BPS payment window so be extra vigilant around this time.


At the WCRC we want to encourage behavioural change, which means having a security mindset in all parts of your organisation. Recognising that the software you use as part of everyday business is every bit as important as your office buildings, factories, retails stores and farms.


The 2022 Cyber Security Breaches Survey identified that the agricultural sector was one of the least likely business types to have a board member taking responsibility for cyber security (23%). When you consider the significant impact a cyber-attack can have on production, resources, finances, services and reputation, it is surprising that so many businesses do not have this in place.


The Cyber Resilience Centre for Wales is here to support regional businesses across all sectors and farming is no exception. If you’re a farmer looking for guidance on cyber security, we offer free membership which informs you of the current threats and simple steps you can put in place to reduce your vulnerability to an attack.


By becoming a member, you will have the opportunity to also speak to one of the team about your own cyber security and concerns so don’t waste any more time, speak to someone today.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.