T
THE agricultural sector is rapidly increasing its use of technology but falling behind in cyber security – making it the perfect target for cyber-attacks, experts warn.
The ransomware attack that forced the week-long closure of JBS’ Australian operations earlier this month was not a one-off event but the latest escalation in a string of cyber hacks on Australian agricultural supply chains.
Others have included Bega Cheese and Cadbury’s Tasmania operations in 2017, and the Talman wool auction software system and Lion’s Australian brewing and dairy processing operations last year.
Markus Hugenschmidt
While big attacks attract public attention, small businesses in agriculture are also attractive targets for cyber criminals for a range of reasons, says Cybersecurity expert Markus Hugenschmidt of Jam Cyber, including the potential to redirect invoice payments and the threat of ransomware.
Agricultural businesses have recorded a strong uptake of technology adoption, with ABS stats showing a 301 percent increase in the number of Australian agricultural businesses utilising cloud based technology between 2014 and 2020.
With that has come greater exposure to cyber criminals, with ABS stats also showing that agriculture was the fifth most likely industry to record a data breach in 2020.
However, despite that additional level of exposure, ABS data also indicate that agricultural business were the fifth least likely in any industry to invest in cyber security updates in 2020.
The most common form of attack is ransomware, where a criminal is able block access to files and data on a subject’s computer system and force them to pay a ransom in order to restore their access and control.
Over two-thirds (67%) of Australian organisations have suffered a ransomware attack in the last 12 months — 10 percentage points above the global average, according to Security Brief Australia’s Crowstrike Survey.
Of those businesses, 33 percent paid the ransom, costing an average of AU$1.25 million for each breach, according to the same survey.
As it was revealed last week JBS also took that option, forced to pay the equivalent of AUD $14 million to regain control of its systems and to avoid data exfiltration.
Small businesses are also vulnerable to targeting scams such as Invoice redirection.
A report released by the ACCC just last week showed that businesses lost $128m in payment redirection schemes in 2020.
The uptake of technology in agriculture such as radio frequency identification, precision agriculture, internet of things, drones, SAAS (software as a service) applications such as cloud based computing and sensor monitoring and smart machines etc also increase the opportunity for cyber attacks.
The most typical cause of cyber breaches according to Stanford University remains human error, with approximately 88 percent of all data breaches caused by an employee mistake.
The costs of dealing with a cyber attack are invariably astronomical – for small to medium businesses the cost of a ransomware attack on average is $276,323 and takes about 51 days to resolve, according to Australian Federal Government information.
For larger businesses that escalates to $2.77 million and 296 days to contain.
Perhaps most sobering are the figures from the Australian Small Business & Family enterprise Ombudsman showing 22 percent of small businesses don’t recover from cyber attack.
How to protect your business
So what can Australian agricultural businesses do to protect themselves?
Mr Hugenschmidt said the Australian Government has produced a very smart framework outlining eight measures that, if adopted, would eradicate the vast majority of threats to any business – read more about “the Essential Eight” here
The Hon Andrew Hastie MP spoke of how ransomware was one of the most significant cyber threats facing Australian organisations when he held a roundtable with peak industry body representatives at ACSC Headquarters today https://t.co/Q8UrOPFvev pic.twitter.com/Gc5Y1CnKPK
— Australian Cyber Security Centre (@CyberGovAU) June 15, 2021
“If every Australian business were to adapt that simple framework and those eight measures then you could almost guarantee employee induced or employee created ransomware attacks would die overnight,” he said.
“However the average business at the moment implements only 1 to 5 of those measures.”
“The single most effective measure is the practice of telling a computer which software is good and then block everything else. That single measure would pretty much kill 9 out of 10 successful cyber attacks. It is called whitelisting.”
“The majority of successful ransomware attacks against small and medium business are actually started by an employee doing something silly like running a program. This could be prohibited with that one measure.”
”The next item to tackle is using smart password management and also keeping track of who has access to which master access for computers and the growing number of cloud software businesses use, like Office 365, Xero and Salesforce.
Over 90 percent of successful attacks started with people error, he said, and often involved simple “password laziness” such as employees using the same password and username across the board.
Ultimately the main reason ransomware exists is because it is a very successful business model for the perpetrators.
“It is a multi-billion dollar return on revenue business for the estimated five or six groups that dominate 70 or 75pc of the trade, if you want to call it that,” Mr Hugenschmidt said.
“They might have 100 people costing US$2 an hour each somewhere in Russia or Somalia; there are literally factories full of people who do nothing but scamming the world with calls, phishing campaigns and social engineered attacks 24/7.
“If credentials come their way or if they can breach in, they start man in the middle attacks and observe mailboxes over months, because it is such a low cost base.
“Whenever the time is right this fake invoice comes through and that fake invoice has the new bank details on it and then the moneys are transferred.
“Phishing is also a given, that is the email, looks like (a credible email), you log on, you hand out your credentials, and the moment you do that you are open to become the man in the middle or other forms of ID theft.
“Agricultural businesses and food is a classic supply chain mechanism to target.
“If they find a provider big enough they can break into their cloud control systems, they can stop their watering systems or RFID management systems on scale and create damage and massive pressure for ransom payments.”
Mr Hugenschmidt said that because it was so low cost to deploy, ransomware was a universal threat against any sized business, small, medium, large
“The big ones you read about, but it is so easy to deploy. If they know you are a one man mum and dad operation they might say $50,000, if they know you are a prestigious law firm they might say $300,000, if you’re a major corporate they might say $10 million.”
Mr Hugenschmidt’s own business Jam Cyber specialises in providing cybersecurity management systems for Australian businesses, based on the Australian Cyber Security Centre’s Essential 8 strategies.
Hackers have been working smartly at least since 2017 first hacking emails from meat trading companies Based in South America. At least , I know two cases in which hackers easily extracted information of Chinese beef buyers confirming contracts to a based trader in Uruguay. Hackers then sent emails from the same email address of the trader asking to send the 30% deposit to an American bank in branch in NYC. The hackers were even able to open a business account with the same name of the trading company in Uruguay. The Chinese buyer was in for usd 300K as he sent the deposit to a hacker. AmazinG, that the bank account was opened with exactly the same name of the trading company . That was the beginning, in my view, of hacking meat business which moves 50 billion plus a year and can easily afford to pay a few million Ransom . “Be afraid, be very afraid”