With the news of the world’s largest meat supplier, JBS USA, announcing that its servers were cyberattacked recently, many ag businesses have been handed an unpleasant reality check that this threat is indeed real, and that hackers are like ants… they will find ways to infiltrate wherever they can. This has left many ag operations wondering how vulnerable their own operations are today.
“While we often only see large operations make the headlines after a cyberattack, it’s really important to understand that hackers will penetrate and steal from any size of business if they are able to,” says Melissa DeDonder, business technology consultant at K·Coe Isom.
Most agribusinesses spend so much time strategizing about how to minimize and avoid natural disasters and threats, that many skip over planning for perhaps the largest unnatural threat they may face: cybersecurity attacks. These attacks can be harmful beyond your business – often impacting suppliers, distributors, and customers as well.
“If your business isn’t positioned to identify and react quickly to a cyberattack, it can be a devastating loss – especially for the small- to medium-size businesses that don’t have any strategies in place,” says DeDonder.
Businesses of all shapes and sizes need to implement an ongoing prevention plan, as well as detection strategies, so that if a breach in security should happen, they can act quickly to identify it and minimize potential losses.
Below, K·Coe’s technology advisors highlight some vital areas for ag businesses to consider when assessing cybersecurity vulnerability and ways to implement control processes across the entire operation.
5 Ways to Lower Your Vulnerability to Cyberattacks
- Recognize your operation’s cybersecurity risks.
- You should be able to identify and evaluate potential risks, the sources, how to address them, and develop a cyber risk management program to meet any and all regulatory obligations.
- Do you or another executive manager receive regular updates on operational security? Consider forming a steering committee to regularly review metrics and help balance business goals and security measures.
- Regularly conduct a penetration test of your cyber defenses. This will help identify vulnerabilities than need to be addressed, and whether your business’ security program can handle cyber risks.
- Have a recognized, accepted framework in place. Set up a framework such as the NIST Cybersecurity Framework (https://www.nist.gov/cyberframework), to address cybersecurity defense in depth.
- Keep an inventory of systems, software, data, and information.
- In addition to your equipment inventory, make sure to include cloud applications, mobile applications and other third parties who may have access or control of the firm’s data and information. Your answer should be complete with a financial ledger or physical assets inventory, and risks associated with each.
- Evaluate internal and external cybersecurity controls.
- Check your cybersecurity-related deficiencies in internal controls over financial reporting. Assess and remedy any deficiencies, as they are sometimes signs that broader cyber security deficiencies may exist.
- External, third-party sources should be checked to ensure they align with your policies and controls for data protection. Assess whether they monitor their controls and consider any risks with suppliers, sellers, and contracts that could pose damage to your company.
- Practice ongoing, employee awareness and training for cybersecurity best practices. Make sure employees know their roles and understand how to handle and secure sensitive information.
For questions regarding cybersecurity controls, frameworks, and implementing best practices for prevention and detection, contact a K·Coe technology advisor.