Why ag businesses need to rethink cyber security

James Nason, 07/07/2021

“Agricultural businesses and food is a classic supply chain mechanism to target”, says cyber security expert Markus Hugenschmidt.

 

THE agricultural sector is rapidly increasing its use of technology but falling behind in cyber security – making it the perfect target for cyber-attacks, experts warn.

The ransomware attack that forced the week-long closure of JBS’ Australian operations last month was not a one-off event, but the latest escalation in a string of cyber hacks targeting Australian agricultural supply chains.

Last year saw two major attacks, on the Talman wool auction software system and on Lion’s Australian brewing and dairy processing operations, and before that Bega Cheese and Cadbury’s Tasmania operations were targeted in separate incidents in 2017.

While most attention is given to attacks on big business, there are also reasons why small businesses in agriculture present attractive targets for cyber criminals, says cybersecurity expert Markus Hugenschmidt of Jam Cyber.

Whether they plan to intercept the invoices of an individual business, to deny access to its IT system, or to disrupt a larger supply chain of which it is part in order to extract a ransom, cyber attacks are a relatively low-cost but high-return business model for the perpetrators.

“It is a multi-billion dollar return on revenue business for the estimated five or six groups that dominate 70 or 75pc of the trade, if you want to call it that,” Mr Hugenschmidt said.

He said it was common for criminal groups to have hundreds of people earning as little as US$2 an hour working in buildings around the world. “There are literally factories full of people who do nothing but scamming the world with calls, phishing campaigns and social engineered attacks 24/7.

“If credentials come their way or if they can breach in, they start man in the middle attacks and observe mailboxes over months, because it is such a low cost base.

“Whenever the time is right this fake invoice comes through and that fake invoice has the new bank details on it and then the moneys are transferred.

“Phishing is also a given, that is the email, looks like (a credible email), you log on, you hand out your credentials, and the moment you do that you are open to become the man in the middle or other forms of ID theft.

“Agricultural businesses and food is a classic supply chain mechanism to target.

“If they find a provider big enough they can break into their cloud control systems, they can stop their watering systems or RFID management systems on scale and create damage and massive pressure for ransom payments.”

Ag business big on tech uptake, but low on cyber protection

Another reason agricultural businesses are at risk is that they are among the biggest adopters of technology, which increases their exposure to cyber attacks, yet among the least likely businesses to have effective cyber security mechanisms in place.

ABS data shows there has been a 301 percent increase in the number of Australian agricultural businesses utilising cloud based technology between 2014 and 2020.

With that has come greater exposure to cyber criminals. ABS stats show agriculture was the fifth most likely industry to record a data breach in 2020.

However, despite that additional level of exposure, ABS data also indicate that agricultural businesses were the fifth least likely in any industry to invest in cyber security updates in 2020.

Most common forms of attack

The most common form of attack is ransomware, where a criminal is able to block access to files and data on a subject’s computer system and force them to pay a ransom in order to restore their access and control.

Over two-thirds (67 percent) of Australian organisations suffered a ransomware attack in 12 months – 10 percentage points above the global average – according to Security Brief Australia’s November 2020 CrowdStrike Survey.

Of those businesses, 33 percent paid the ransom, costing an average of AU$1.25 million for each breach, according to the same survey.

As was revealed last week, JBS also took that option and was forced to pay the equivalent of AUD $14 million to regain control of its systems and to avoid data exfiltration.

Small businesses are also vulnerable to targeted scams such as invoice redirection.

A report released by the ACCC in June showed that Australian businesses lost $128m in payment redirection schemes in 2020.

The uptake of technology in agriculture, such as radio frequency identification, precision agriculture, the internet of things, drones, SaaS (software as a service) applications such as cloud-based computing, sensor monitoring and smart machines, also increases the opportunity for cyber attacks.

The most typical cause of cyber breaches according to Stanford University remains human error, with approximately 88 percent of all data breaches caused by an employee mistake.

The costs of dealing with a cyber attack are invariably astronomical – for small to medium businesses the cost of a ransomware attack on average is $276,323 and takes about 51 days to resolve, according to Australian Federal Government information.

For larger businesses that escalates to $2.77 million and 296 days to contain.

Perhaps most sobering are the figures from the Australian Small Business & Family Enterprise Ombudsman showing 22 percent of small businesses don’t recover from a cyber attack.

How to protect your business

So what can Australian agricultural businesses do to protect themselves?

Mr Hugenschmidt said the Australian Government has produced a very smart framework outlining eight measures that, if adopted, would eradicate the vast majority of threats to any business, known as “the Essential Eight”.

“If every Australian business were to adapt that simple framework and those eight measures then you could almost guarantee employee induced or employee created ransomware attacks would die overnight,” he said.

“However the average business at the moment implements only 1 to 5 of those measures.”

“The single most effective measure is the practice of telling a computer which software is good and then block everything else. That single measure would pretty much kill 9 out of 10 successful cyber attacks. It is called whitelisting.”

“The majority of successful ransomware attacks against small and medium business are actually started by an employee doing something silly like running a program. This could be prohibited with that one measure.”

“The next item to tackle is using smart password management and also keeping track of who has access to which master access for computers and the growing number of cloud software businesses use, like Office 365, Xero and Salesforce.”

Over 90 percent of attacks start with ‘people error’

Over 90 percent of successful attacks started with people error, he said, and often involved simple “password laziness” such as employees using the same password and username across the board.

Mr Hugenschmidt said that because it was so low cost to deploy, ransomware was a universal threat against businesses of any size, whether small, medium or large.

Once they have successfully breached a business, ransomware attackers will typically match the ransom they demand to the size of the business they have targeted and what they believe they can get victims to pay.

“The big ones you read about, but it is so easy to deploy. If they know you are a one man mum and dad operation they might say $50,000, if they know you are a prestigious law firm they might say $300,000, if you’re a major corporate they might say $10 million.”

Mr Hugenschmidt’s business Jam Cyber provides cybersecurity management systems for Australian businesses, based on the Australian Cyber Security Centre’s Essential 8 strategies.

Comments

  1. Sharath, 26/07/2021

    Cyber security challenges are one of the most sought after securities these days with every business opting for an online channel. Really wanted to hear about some good DDoS service providers like Mazebolt, Akamai and so on…
