Although smart technology is increasingly being used to make agriculture more efficient, there are risks when it comes to minimising human involvement and ignoring the potential of cyber attacks
In 2021, an Australian researcher presenting at the DEF CON 29 conference demonstrated how to gain control over modern farming equipment that features everything from GPS systems and automated navigation to software that manages spraying fertiliser. The vulnerabilities represent fundamental insecurities in the devices that could be exploited by malicious actors or potentially chained with other vulnerabilities.
Industrial control systems (ICS) are actively used in the food and agriculture industry. According to the ICS threat landscape report by Kaspersky, in the first half of 2022, African regions saw computers in the ICS environment being attacked using multiple means such as malicious objects, phishing pages, and spyware. In total, over the last six months, various types of malicious objects were blocked on every third ICS computer in South Africa.
“Smart farm machinery is vulnerable to hackers, leaving supply chains across Africa and the rest of the world exposed to significant risk. It is feared hackers could exploit flaws in agricultural software or hardware used to plant and harvest crops,” said Vladimir Dashchenko, ICS CERT Expert at Kaspersky. “It should also be noted that “smart” technologies used in the agricultural sector can be attacked not only by hackers, but also by unethical competitors. Since derailing smart technology operation in the agricultural sector does not require much skill, this can be used by competitors to lower the quality or even destroy the agricultural product,” he added.
However, despite the risks involved, digital innovation is essential to improve farming efficiencies at a time when many countries are not only battling difficult climatic conditions, but also global economic uncertainty. Ensuring that the farming environment and agricultural supply chain is managed optimally at all times becomes a business imperative if the world’s food supply is not to be disrupted.
Agriculture cybersecurity should encompass the technologies, processes, and staff security awareness trainings that protect infrastructure and devices from cyber threats. Specifically, Industrial Cybersecurity Solutions (ICS) are essential to safeguard agricultural organisations and farmers from the threat of compromise. As the name suggests, ICS solutions are designed to comprehensively secure the industrial elements of a business, while providing safe, effective asset data collection, monitoring and management.
Endpoint anti-malware software is another important component to consider. Because of the critical nature of the food and agriculture industries, malware is the cyber threat faced most often by these organisations. Malware describes numerous malicious software variants, such as trojans, worms, and ransomware. Anti-malware software applies signature detection, behavioural analysis and, in some cases, artificial intelligence (AI) to remediate an attack by disabling malware. It is crucial to have anti-malware software installed on every digital endpoint of a network.
“Over and above adequate cybersecurity solutions, ongoing cybersecurity awareness training is a critical step in enhancing the digital agriculture environment. Using both on-site and online interactive training modules and even cyber safety games for employees and workers build a familiarity with some of the tactics employed by cybercriminals to exploit network weak points,” stated Dashchenko.
Kaspersky’s Automated Security Awareness Platform (KASAP) supports organisations in addressing this need and to train staff on the evolving threat landscape in a memorable way. KASAP was created by leading cybersecurity experts and offers businesses an easy-to-manage and inevitably reusable online tool to upskills employees on how to better protect themselves and the business.
“Agriculture is a critical component of African economies. Those organisations operating in the sector must take all necessary steps to ensure their systems and processes are as effectively protected as possible,” concluded Dashchenko.