When a person thinks of cyber security, it’s not often thought about in the context of agriculture, or at the same time as agriculture. But, recent cyber security attacks in the past few months have prompted large and small companies alike to review the risks and vulnerabilities to attack.
Darktrace is a cyber security company that uses artificial intelligence to find, stop, and investigate cyber threats.
David Masson, director of enterprise security at Darktrace says cyber threats aren’t going anywhere anytime soon. In Canada, where there’s a high level of internet-connectivity, cyber threats will just become a fact of life, he says.
“When it comes to scaling the effect of an attack, in some ways it depends what the attack is, but we need to understand that the impact can be more than just paying ransoms, losing money, or having your data stolen — it can spread into things that damage your reputation, can affect your share price, and can lose you customers,” says Masson.
Masson says that these cyber attacks aren’t trivial issues — they have massive impact on the industry or the individuals that they happen to.
If a ransom is demanded from the victim, how often is that ransom paid, and should it be paid? Masson says that will be an in-situ consideration for the individual or organization. However, the cost of rebuilding a database might actually be more than the ransom.
“Paying the ransom doesn’t actually guarantee that you’ll get all your data back, or your data back in a workable condition,” cautions Masson.
There are many different types of cyber attacks that affect agriculture here in Canada, a fact that not everyone has accepted or is aware of.
“It’s almost inevitable that these kind of attacks will get inside the computer networks on farms and and the agriculture business, but it’s not inevitable that they’ll cause damage,” says Masson, “it is possible to stop these attacks and to mitigate the impact that they have.”
As for individual farms, Masson says that the threat level evidence is anecdotal so far, but a government initiative is looking at establishing that level. Unfortunately the sophistication and abundance of cyber attacks isn’t funded in a proportion that can support the research fast enough.
Masson says the first step in defending against a cyber attack is knowing that it’s not up to an individual to decide if they’re worth attacking or not — that’s up to the bad guy. Next is determining what your internet-connected assets are which, for an agricultural operation, can be a lot. Masson suggests dividing home and business internet, as well as segmenting any machinery connections.
Masson also suggests to never use default passwords; always change passwords from the default, immediately.
Protecting the farm from cyber attacks requires good education, Masson says, and making sure everyone understands what threats exists, combined with good technology.