Agriculture’s increasing reliance on technology is leaving the industry vulnerable to cyber attacks, says cyber security expert Alastair Miller.
The warning comes as statistics from the government’s Computer Emergency Response Team show $5.8 million in direct financial losses from cyber crime was reported in the first quarter of this year, a 66% jump on the same period in 2022 ($3.7m).
The figures show 264 people lost between $100 and $1000 and 16 people lost more than $100,000.
However, experts said most cyber crime still goes unreported.
“No one is immune these days, unfortunately,” said Miller, a principal advisory consultant with Australasian company Aura Information Security.
“You might think farming is not an obvious area to target, but there is quite a lot of tech used in farming now. Even some of the tractors and combine harvesters have a surprising amount of computers inside.”
Miller said cyber crime is rampant worldwide and criminals are becoming more sophisticated in the way they target victims.
There has been plenty of publicity about scams in which criminals attempt to gain access to bank accounts or personal information, usually by sending emails with click-on links attached.
But more cyber criminals are now targeting businesses through a company’s IoT, or Internet of Things. The IoT is a collection of sensors, software and other operating technology that might exist within a company.
“That’s a bit more of a sophisticated attack but these are people who can use security flaws in those systems to get into your networks.”
Miller said farms, orchards and vineyards are increasingly using technology to run their businesses. Sensors to operate heating, cooling, irrigation, security or lighting are commonplace
Once a system had been accessed, offenders generally look “to cause chaos” by altering sensor settings, which can lead to crops or product being destroyed.
“Sometimes they can hold things to ransom – ‘We’ll release it if you pay us $10 or $20,000’ type of thing.
“But sometimes people just destroy stuff because they can.”
In 2021 the world’s largest meat processing company, JBS paid the equivalent of $16.1m in ransom to end a major cyber attack.
Computer networks were hacked, temporarily shutting down some operations in Australia, Canada and the United States. JBS said it paid the ransom to protect customers.
Miller said the IoT attacks are a more specialised type of crime.
“It is definitely on the uptake for the bigger groups, especially vineyards, who seem to be a particular target.
“I guess it’s because there is quite a lot of money riding on production.”
There was an instance in New Zealand where a vineyard was targeted and sensors controlling wine acidity and temperature were accessed. Miller said the system had to be stripped out and the company temporarily reverted to manual testing.
There are security steps companies and individuals can take to improve their cyber safety. Miller said it is important people segregate their system networks to ensure the business IoT is not linked to the same internet network that has general access.
Systems also need to be updated as often as possible.
“Then it’s educating everyone about the things to look out for, suspicious emails, odd texts, things that might hint that someone is trying to find a weakness in the system or get access to stuff.”
If people receive an email claiming to be from banks or other businesses and seeking personal information, they should take time to read the email and make calls, if necessary, to check its authenticity before opening links.
“The few minutes spent double checking is worth the amount of money you can lose.”
Miller said once someone has been scammed there are few options available to them. NZ’s laws regarding such offending are “pretty lax” and more often than not the offenders are based overseas so “they’re not even going to try to prosecute them”.
Fraud insurance is hard to obtain and expensive.
“The onus is really on the individual to try and protect themselves, but it’s not always easy.”
