Grain Industry News

Ransomware Hits the Heartland

Published: Jan 05, 2022 by Leslie Casner
ransomware

Ransomware Hits the Heartland

Take precautions now to prevent greater damage

Ransomware is no longer something we read about happening to someone else. Cyber criminals have been attacking the agriculture industry on multiple levels. GEAPS members are getting hit—and it affects all of us.

A cyber-attack can shut down equipment, cause customers to lose faith and essentially make it impossible to do business. “Ransomware is a piece of software that gets installed into your network and the goal of that software is to lock up all of your data so you can’t get it, thus holding it for ransom,” explained cyber security expert Doug Jacobson, an Electrical and Computer Engineering professor at Iowa State University. He also serves as director of the Center for Cybersecurity Innovation and Outreach at Iowa State University. “It scrambles all of your data and the only way to unscramble it is to pay money to get the key back,” Jacobson said. “You can almost always recover; it just takes time and money.”

While it has been around for more than a decade, ransomware became a big moneymaker for hackers in recent years once digital currency became a player. Digital currency, such as Bitcoin, allows large sums of money to change hands anonymously with zero government regulation. The ag industry started appearing in ransomware headlines this year. Cyber criminals tend to go from industry to industry, Jacobson explained. It’s simply our turn. “They tend to shift targets. As an industry gets hit, the industry rallies and then they will move onto other places. It’s just like any crime,” Jacobson said. It’s time for us to rally. Sometimes cyber criminals cast a wide net looking for victims. One of your employees might respond to or click a link in a phishing email—perhaps one that looks just like emails you get from one of your suppliers. Other times, when hackers determine your business may result in a big pay out, they deploy a targeted attack. “The bigger the score, the more targeted they tend to be,” Jacobson said.

While hackers are notoriously difficult to catch, there are ways to decrease your chances of becoming a victim. “Everybody is potentially susceptible to this,” Jacobson said. “Everybody has to be prepared.” Mark Prinsen has been handling technology for GEAPS for more years than he can count. He said one of the best ways to prepare is to look through the questionnaire you filled out when purchasing cyber insurance. “As you’re reading through their questionnaire—they’re telling you, these are the things you should be doing. If you did it, you’d be less likely to get ransomware and your insurance rates would be lower,” Prinsen said.

Suggested preventative measures include firewalls, not clicking on bad links, email scanning systems, strong passwords and backups of all of your data and a plan on what to do if something happens. Not sure how to take the necessary steps to protect your business? Jacobson suggests hiring a contractor to come in, see where you’re at and work to make your system more secure and to always practice good cyber hygiene. “A better strategy is to bring in an outside group to help assess what your security posture and strategy is. They’ll run you through the same sort of rigor the insurance company will force you to have,” Jacobson said.

Steps may include employee training, modifying employee access and general good cyber security practices. “It either comes in because you clicked on a link, downloaded something and said yes—said yes the 14 times your computer says ‘do you really want to do this?’—or, in some cases, it’s bad credentials,” Jacobson said.

No matter how a hacker gets in, the best first step is prevention. “Practice for the disaster. Know what you’re going to do. A lot of people talk about it’s a matter of when, not if. If you go on that assumption—it’s a matter of when, not if—what are you going to do? How are you going to get the essential services up and running immediately? What are those? What’s important for your organization, that you can’t function without? Do you have a backup process?” “Take a grain elevator. Worst case scenario is you go out and write the weight of the grain on a clipboard on the scale as it comes and goes. Do you have a manual, not-computer process to keep your business going? There may be things you can’t keep going,” Jacobson said. “Certain things, can you keep drying grain? Can you keep the chickens alive?” By backing up all files—and practicing for disaster—you’re taking tangible steps to avoid catastrophe. “Lay out that strategy. If the worst thing never happens, then life is good,” Jacobson said.

About GEAPS:

The Grain Elevator and Processing Society (GEAPS) is an international professional association of grain handling and processing professionals. GEAPS addresses the industry’s critical grain handling, storage and processing operations needs by providing networking, professional development programs and access to a global marketplace of industry suppliers. GEAPS’ global network includes more than 2,200 individual members from about 1,050 companies. Join our network today!

For more stories like these, visit us at www.geaps.com

Have an idea for a future story? Contact Jessica Foster, GEAPS Communications Manager at jessica@geaps.com