Password, please

A growing threat from ransomware incidents means growers, grain handlers and others should take steps to educate themselves and their employees on how to reduce their risk of cyberattack.

The food and agriculture sector is almost entirely under private ownership and includes an estimated 2.1 million farms and accounts for roughly one-fifth of the nation’s economic activity.¹ This sector is also increasingly targeted by cyberattacks. As the sector moves to adopt more smart technologies and internet-connected processes, the attack surface increases.

According to the Federal Bureau of Investigation (FBI), cybercriminals use a variety of techniques to infect victims with ransomware. The most common means of infection are email phishing campaigns, remote desktop protocol (RDP) vulnerabilities and software vulnerabilities. In a ransomware attack, the attacker steals and encrypts the victim’s data and holds it hostage in hopes of receiving a ransom payment.

Food and agriculture businesses victimized by ransomware suffer significant financial losses resulting from ransom payments, loss of productivity, disrupted operations and remediation costs. Companies may experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack.²

“Change accelerated by the pandemic is being exploited by hackers,” said Vinod Brahmapuram, chief information security officer for the State of Washington Technology Solutions, which is the agency that operates the state’s core technology infrastructure. Brahmapuram participated in a panel discussion during the Washington Digital Government Summit last October.

In the changing landscape, bad actors are seeking out new vulnerabilities to exploit. The large-scale fraud targeted at Washington’s Employment Security Department and other states’ unemployment offices during the pandemic in 2020 is just one example.

“Phishing attacks are on the rise,” George Freeman said during the same panel. Freeman is a fraud and identity solutions consultant for LexisNexis Risk Solutions. “Hackers are coming in as authorized users.”

According to Bloomberg News, cybercriminals who attacked the Colonial Pipeline with ransomware in spring 2021 accessed the company’s network through a single compromised password.

In addition to grinding operations to a halt, cyberattacks can also impact the food supply chain. The May 2021 cyberattack on JBS, one of the world’s largest meatpackers, caused disruptions to supply chains, logistics and transportation to customers. And it increased consumer prices said Jennifer van de Ligt of the University of Minnesota Food Protection and Defense Institute in a Pacific Northwest Ag Network article.

Last September, a ransomware attack hit a farm supply and grain marketing organization based in Mankato, Minn., taking down the company’s website and “severely interrupting” operations. The attack took several days to resolve in the middle of fall harvest activities, according to an article by The Free Press.

From 2019 to 2020, the average ransom demand doubled, and the average cyber insurance payout increased by 65 percent.2 In Washington, more than 150 ransomware incidents were recorded in 2021, more than the previous five years combined, according to a report from the Washington Attorney General’s Office. The full report is available online at https://bit.ly/data-breach1.

“End-user education has never been more important than it is today,” said Aaron McAllister, a systems engineering manager at Palo Alto Networks and panelist last October.
The easiest way you can protect your logins is by using a multifactor authentication wherever you can, said Brahmapuram.

The FBI’s Cyber Division published the following steps that can be implemented to mitigate the threat and protect against ransomware attacks. Those recommendations include:

• Regularly back up data, employ an air gap if necessary and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating systems, software and firmware as soon as they are released.
• Use multifactor authentication with strong pass phrases where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.
• Disable unused remote access/RDP ports and monitor remote access/RDP logs.
  Require administrator credentials to install software.
• Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
• Install and regularly update antivirus and anti-malware software on all hosts.
• Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
• Consider adding an email banner to messages coming from outside your organizations.
• Disable hyperlinks in received emails.
• Focus on cybersecurity awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).

Additional resources

Growers looking for additional local resources can find more here:

Northwest Farm Credit Services held a free Ag Outlook Cybersecurity Webinar for its customers on Jan. 6, covering real-life examples and practical action steps you can use to protect your data, money, security and privacy. Washington growers can access the recording online.

Spokane-based company, Drip7, offers a “gamified” approach to learning about cybersecurity and compliance. The subscription-based microlearning software platform offers a free trial.

The Washington Attorney General’s Office 2021 Data Breach Report provides resources for individuals affected by a data breach or identity theft. See page 22.