Jul 28, 2022

Cybersecurity threats focus of Viva Fresh session

With agriculture highly dependent on technology, growers must prepare for and properly respond to cyberattacks.

A record number of cyberattacks occurred in 2021, said Greg Gatzke, president and founder of ZAG Technical Services. Gatzke discussed threats of malicious attacks growers face during an April 22 session at the Viva Fresh Produce Expo in Grapevine, Texas.

The Texas International Produce Association presents the annual event.

“We all know online networks are super-critical infrastructure,” said Gatzke, who heads the San Jose, California IT consulting firm and managed services provider. “Foreign actors and foreign criminals are coming after your business. If there’s a cyberattack, it will cost you something like $4 million, maybe more. It’s a big number. It’s far more serious than you think it is.”

Because perishables can be affected more by setbacks that affect the ability of a company to quickly send products through the supply chain, agriculture is particularly vulnerable to attacks.

In late April, the Federal Bureau of Investigation notified some producers that criminal operations were targeting the industry with ransomware attacks on agricultural cooperatives and other companies, Gatzke said. Grower company owners, operators and board members must be prepared, he said.

“They are coming directly after you and are timing the attacks based on the seasons,” he said. Criminals attack businesses through phishing emails and ransomware, the publishing of stolen data.

In phishing attacks, scammers pose as company owners, emailing accountants that payments are due. If successful, criminals gain access not only to the company’s email and banking information, but also to the company’s suppliers.

Gatzke reviewed a case involving a U.S. lettuce company that purchased equipment from a manufacturer in China. Hackers accessed the vendor’s account and sent an email to the lettuce company stating it had changed banks, directing a $30,000 down payment be paid to a new bank account. The company made the payment and soon found it had been defrauded.

While the lettuce company was able to talk its supplier into reducing the price tag by $10,000, to $50,000, the $30,000 loss was a major disruption and jeopardized the company, Gatzke said.

Agriculture is well behind the curve in cybersecurity and isn’t keeping up with the risks, he said.

“It’s not just your defense, but a holistic view,” he said. “You have to have a process in place with your accountants (so) they will call you first and not call the fake number.”

Businesses are starting to monitor their vendors more closely, Gatzke said. Losses also penetrate far deeper than payments. With loss of access to company PCs and servers, including PCs in the fields and across the country, a company loses its manufacturing ability. Trucks can’t ship, forfeiting business. Add customer disruptions, employee confusion, reputation damage, unfavorable media coverage plus potential litigation.

Using updated antivirus tools is critical. Many company antivirus systems are from the 1990s and remain out of date. PCs often have antivirus software that is more updated than company servers, which won’t catch the modern attacks.

“PCs are the biggest risk for many organizations,” said Gatzke. “Your kids have security for their Google accounts.

“Your kids should not be better protected than your business.”

Backing up data remains critical, he said. Personal identification, including Social Security numbers, on servers must be removed. If an HR person tells a company owner such information isn’t on the company’s servers, Gatzke said not to trust the statement because the HR person isn’t lying, it’s that they don’t know.

“Without preparation, you will pay,” Gatzke said. “You should be able to recover your data in 24 hours. If you can’t do that in this industry, you’re at risk.”

Multi-factor authentication should be considered. “If you’re not doing it, you will get hacked which costs you money. You will be way behind the times,” he added.

– Doug Ohlemeier, assistant editor