Farms are 'fair game' to cyber attacks

Farms are 'fair game' to cyber attacks


As more farm enterprises rely on the internet to operate, the isolation that has spared many regional businesses from crime compared to those in built-up or city areas has started to fade.


AS more farm enterprises rely on the internet to operate, the isolation that has spared many regional businesses from crime compared to those in built-up or city areas has started to fade.

Cyber experts say that as long as your business uses the internet, you are fair game just as much as metropolitan businesses.

And farm businesses, due to their high dollar amounts of input and outputs, are common targets for cyber criminals.

NAB Cyber general manager Nick McKenzie said the industry and all businesses should remain conscious of the impact of cyber threats.

"Concerns for business may vary widely as it will grow based on a business's reliance on automation technologies, the volume of supply - both would directly impact productivity and continuity or profitability of the business, its supply contracts and relationships," Mr McKenzie said.

"Farms using automation will need to be aware of the threats that can impact computer technology (eg malware or ransomware) where farmers could potentially lose data used to track productivity, or even render the machinery/robotics temporarily unusable.

"They will also need to be aware of supplier risk, where the suppliers use cloud services that are impacted and can have flow-on effect that causes support delays or makes their systems unavailable.

"As a finance institution, NAB tends to see the impact on agribusinesses from cases that are related to the infiltration of bank accounts and false invoices.

Mr McKenzie said these attacks tend to start with email spamming or 'phishing'.

"Threats we see are the actors (scammers) largely trying to monetise their phish or scam directly from the bank, or from a customer or end user," he said.

"In agribusiness, the intent might be something different - it may be looking to use the infrastructure of the particular agribusiness for ransomware or it may be to use it to set up a zombie type of infrastructure, which can be launched to do other attacks on other people's networks.

"Cyber criminals have become savvier at disguising their activities by making them appear as normal activity on a person's bank account.

To do this, the actor targets someone for a period of time to determine what their normal internet and banking behaviour looks like.

Mr McKenzie said the timeframe in which an actor profiles an individual or business varies depending on the type of attack and its complexity, the defences that are set up on the business side and how successful the actor is at implementing themselves and learning about the target.

NAB regional and agribusiness customer executive for WA Jeff Pontifex said the institution's system is usually quite effective at detecting suspicious activity and alerting customers.

NAB's system is largely self serve and self regulated, allowing users to have control of and limits on certain outgoing dollar amounts.

"Cyber criminals will be testing those limits and looking for signs of that in some sort of sense, so if they have actually broken into the computer already, they'll be looking at what the regular transactions are," Mr Pontifex said.

"The cases I see the most are things like compromising invoices - sending it to the wrong supplier - or just getting into the computer which is then compromised and then the actor is in the computer when people are putting their password in and opening their system, then actors can get in there and transfer money.

"Determining where the responsibility lies from a cyber attack can be very ambiguous and Mr McKenzie said it is really on a case by case basis.

"On a macro level, you need to dig into the individual item of the particular scam or the phish or even if the services are outsourced to a provider - it really depends what went wrong when determining liability," he said.

"There is a reliance on cyber security for everyone involved - such as the small to medium agribusiness - to have good awareness that the way they conduct business is secure and appropriate and they have to have a general level of awareness about how they should be transacting or how they should be protecting their own infrastructure, albeit outsourced to a provider or if they're running their own set up.

"With all parties required to be cyber secure and alert, victims of cyber crime can not necessarily rely on the possibility of reclaiming their lost funds, as Mr Pontifex said in the cases he has seen, it is rare.

"People need to act very quickly if they are aware or suspect an attack," Mr Pontifex said.

While many attacks might not be large amounts of funds, he said any money lost from a cyber attack is "pretty devastating".

"Money is emotional to anyone," he said."I don't think I have seen any amount where someone hasn't been upset about it."

"Generally cyber criminals have been looking at victims for some time, so they do feel compromised and vulnerable as a result of that.

"They question whether anything else has happened and what else does the attacker know?

"NAB advised one of the most effective and easiest ways to protect online accounts was having a secure password, preferably with multi-factor authentication (MFA).


From the front page

Sponsored by