Farms, agribusiness at risk from ransomware and other cybercrime
Australia's agricultural sector is underprepared for cyber-attacks and must act now to better protect sensitive commercial data, an organisation focused on the long-term prosperity of producers has warned.
AgriFutures Australia released a report on Monday calling for industries to take urgent action, saying farmers and agribusinesses must learn from the health sector, which became a cybercrime target after digitising patient records.
Last year, wool sales across the country were halted for more than a week after hackers disabled the sector's major trading system.
Australia exports between $60 million and $80 million of wool a week. During the ransomware attack, about 70,000 bales scheduled for sale were grounded.
A recent hack on global meat giant JBS took Australian meat processors offline for 1-3 days.
The Agrifutures report said:
"In recent years there has been a rapid uptake of technology, and with this, an increased risk of digital attacks.
"Australia's agriculture, fisheries and forestry sectors are in a similar position to where the health system was five years ago, a slow but gradually increasing adoption of new technologies, with a largely unmanaged cyber security risk."
A 2021 Agrifutures survey stated that the average confidence and understanding of cybersecurity and risk was 3.5 out of 5, with only 16 per cent of respondents having an incident response plan in place.
Stephen Kho from cybersecurity company, Avast, told Jason Regan on FlowFM's Country viewpoint program recently:
“Your device is also possibly connected to the wireless access point to your home office or off network where you’re agricultural system may be residing, your accounting system or control system that allows it to jump across and start looking for vulnerable systems.
“So that is one way, and a fairly common way, of how we are getting infected.”
To prevent potential hacks, Stephen Kho said:
“Get the latest updates, so that known vulnerabilities are not present and can be exploited by the attacker.
“The next really big layer of defence is education, because the human element is still a big threat, because we click on links on text messages or emails that sound interesting, or tries to fool you.”
Mr Kho said succumbing to ransomware attacks forced businesses to make unenviable choices:
“The advice from both the Australian Cyber Security Centre (ACSC), and the FBI, and other security organisations, is to not pay ransom because it can propagate and support these industries.
“But when you’re faced with critical infrastructure and food supply issues, or medical and health issues, then you weigh up (the situation).”
Agrifutures found hackers were seeking to profit from agricultural research, intellectual property and other commercially sensitive data, including through online payment portals and computerised machinery.
Lucrative personal and financial information was being put at risk, exposing people to identity theft.
A survey of about 1000 agriculture, fisheries and forestry producers found they overestimated threats from activists and competitors while underestimating the risk of supply chain data breaches. The Agrifutures report said:
"This points to the possibility that the sectors don't really understand their cyber threats as well as they should."
Agrifutures also found that many organisations had not adopted comprehensive cybersecurity controls. Many respondents also lacked the ability or knowledge of how or where to get assistance for a cyber attack.
Ransomware, phishing, scam emails, malware and data breaches were among the most common attacks.