Cyber & Agriculture

What industries come to mind when thinking about those least likely to be attacked by cyber criminals and organisations? Agriculture is probably near the top of that list; however this article will touch on why that is becoming a common misconception.

The war between Russia and Ukraine continues, including cyber warfare, with the fallout impacting many other countries. Frequent Russian state-sponsored attacks have been aimed at national critical infrastructure, and it shouldn’t be surprising that the food industry is part of that infrastructure. The agricultural industry is experiencing a spike in cyber-attacks (one of the top 10 industries impacted), and they are well-funded and driven by technically competent hackers.

Now if we add an industry which has long ignored or not needed to be resilient into that mixture, we have a potential recipe for disaster. The potential impact of a successful attack on the agricultural industry is slowly beginning to dawn on people. Unfortunately, the speed of the industry’s response to the attacks is not commensurate with the uptick in attack volumes.

For some farmers, margins are sometimes low and therefore significant impacts to operations can plunge long-standing, reputable businesses into the red. Technology is becoming a more prominent factor in agriculture, whether that be dairy, livestock or arable farming. A need for streamlining production and integrating heavily with supply chains opens up new vectors of risk not previously experienced.

Let’s take arable farming as an example. Crop yields are heavily dependent on the weather and the accuracy of forecasts. Hacking weather prediction equipment and/or smart irrigation equipment can significantly impact crop growth and yields. The trickle-down effect of this will have knock-on impacts on food pricing nationwide. Supply may be unable to meet demand and before we know it, our critical infrastructure is under threat.

Similar risks apply to financial and business critical data. I remember a client who maintained all their crop yield calculations in a complex Excel spreadsheet which wasn’t backed up… anywhere! That multi-tab spreadsheet was crucial to their financial results and forecasting year-on-year and yet so little time or attention was applied to securely maintaining that document. Identifying this level of reliance on data and securing it is fundamental to any organisation and its longevity.

To make real change in an organisation, responsibility and accountability need to be attributed. A recent government survey across all industries continued to identify a lack of accountability at board level for cybersecurity. If we consider the agricultural industry specifically, only 17% have a representative on their board accountable for cybersecurity. That’s just 1 in 6 agricultural organisations. Combine this with the increasing relevance of cybersecurity to the industry and this is quite a concerning factor.

Organisations require a top-down driven approach to enact change and instil long-term cultural changes. A security conscious mindset is not something which can be adopted overnight, nor are robust internal controls and system configurations. It takes time, multiple iterations, and significant professional guidance.

There’s no shame in not knowing how to address cyber risks to your organisation. Equally, it doesn’t hurt to ask for a little help or guidance from the right professional.

To address the increase in cyber risk to this industry, organisations need to start talking about cybersecurity and resilience – what better way to start than with one of PKF Francis Clark’s cybersecurity professionals?

Every day our specialists work with clients to demystify the world of cybersecurity and help them embark on a journey which is commensurate with their organisation’s risk profile, risk appetite and strategic plans. To find out more about our cyber team, click here.