
CYBERCRIMES ARE ON THE RISE: WHAT YOU CAN DO TO PREPARE IN 2023

By Richard Fleeman, Fortreum, LLC

Are you worried about the cybersecurity of your livestock or agricultural business? If you aren’t or haven’t thought about it, you should! Cyberattacks are continuing to trend upward, and small- to medium-sized businesses are an increasingly tempting target for cybercriminals. Small businesses often dismiss the need for cybersecurity protections, or they lack the budget, or they simply haven’t thought about it. The vulnerable nature of these small businesses is why they are the next big target for cybercriminals.

Each year, Verizon publishes a Data Breach Investigations Report, which outlines that there was a 13% increase in the number of breaches or system compromises in 2022. Of all the breaches investigated, 82% are attributed to some sort of human element such as a phishing attack. Phishing is a technique that attackers use to steal your usernames and passwords (credentials) to financial or other systems by sending cleverly crafted emails or text messages (SMS). The report goes on to highlight that 96% of all breaches are financially motivated. To put this in common terms, we live in an age where organized crime has moved from the city streets to the digital back alleys of our daily lives. This means everyone, whether they recognize it or not, is constantly at risk of suffering damages inflicted by these cybercriminals.

Over the last year, the FBI has released a series of statements warning agricultural co-ops that they could be the next target for ransomware attacks. Highly motivated attackers will target critical supply chains because they know this will elicit a response, typically monetary in nature. We know that protein producers and farmers are at ‘the root’ of the food chain, and production now more than ever is being driven by technology, which is constantly changing and controls everything from plotting and planting crops to watering and feeding livestock. When the systems that control these functions are compromised, the interruptions can be potentially crippling.

At this point, you might be thinking, “I run a feedyard,” or “I am a small ag producer. What can I do?” Understandably so. Most small businesses are very tightly run; however, one wrong click or submission of data could put your entire business at risk. With this in mind, I want to outline some simple measures which can be put into practice to help safeguard your business and keep production moving:

• Security Awareness Training – Educate your employees on the basics of security awareness and things to be cautious about, such as phishing attacks over email and text. Practice good internet usage by not clicking on links or opening files when you aren’t sure where they originated, even if they look legitimate. Often these files contain ransomware or malware.

• Antivirus and Malware Software – Make use of the native protective measures for your computer, such as Windows Defender. Additionally, there are several programs on the market that will detect and quarantine malware and protect you from common website attacks. These programs can be purchased and installed on your computers and mobile devices.

• Data Backups – Be sure you have all important data backed up to a location that is independent of your office or house. This will ensure you have a clean copy in the event you fall victim to ransomware or malware. Perform periodic full backups of this data (two to three revisions) on a regular cadence.

• Password Management – Use a password vault (such as 1Password or Bitwarden) to generate and store unique passwords for all websites and systems. Do not reuse the same password on different systems or websites. When every password is unique, a compromised password affects only that one website or system.

• Protect Your Personal Data – Do not unintentionally disclose information that attackers can use to reset your passwords or use to gain access to systems. This is quite common on social media channels where people participate and post facts about themselves – i.e., birthday, favorite seasons or foods, first vehicle, where you were born, etc. This information is often used as part of a password recovery process and attackers generate these seemingly harmless games on social media to build a profile on your personal data.

• Multifactor Authentication (MFA) – Use MFA on all mission-critical or financial systems where possible. This will help prevent unauthorized access if someone were to have your username and password. For example, multifactor authentication can consist of a username and password combination (something you know) with either an SMS or email code (something you have).

• Software Updates – Install any available updates to your operating systems and software. These updates usually include fixes for vulnerabilities that an attacker can leverage to gain access to your system.

Following these best practices will strengthen your defensive position and you will be less susceptible to common cyberattacks. For additional information, the Small Business Administration has resources for small businesses at https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity.

Sources

https://www.verizon.com/business/resources/reports/dbir/

https://www.aha.org/system/files/media/file/2021/09/fbi-tlpwhite-pin-cyber-criminal-actors-targeting-food-agriculturesector-ansomware-attacks-9-1-21.pdf

Richard Fleeman is a Director at Fortreum, LLC and is responsible for supporting a wide variety of customers in both the public and private sectors. Richard’s team provides offensive security services including network penetration testing, application penetration testing, and social engineering services. Richard has over 25 years of Information Technology and Information Security experience including application and network security assessments, security architecture design and implementation, incident response, vulnerability management, configuration management, as well as business continuity and disaster recovery planning. Before joining Fortreum, Richard was responsible for running a variety of teams focused on both compliance and offensive-based vulnerability management services. Richard maintains the following certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), and Offensive Security Wireless Professional (OSWP).
