The cybersecurity threat to agriculture companies is so pervasive that no one is immune.
“If your organization is connected to the internet, they know about you, and they will attack,” said Eric Regnier, IT and security manager at ZAG Technical Services BB #:365534.
ProduceSupply.Org (PSO), a consortium of North American produce suppliers working together on technology initiatives in fresh produce, this week released the first revision of the PSO Cybersecurity Best Practices for Produce Suppliers to give produce companies a framework to defend and protect themselves from cyberattack.
Johnny McGuire, director of IT for The Nunes Company BB #:114986 and president of the PSO Cybersecurity Council, said the produce industry is in urgent need for protection, and it’s something companies aren’t comfortable dealing with or even talking about.
“We’ve seen companies and our members fall prey to cyberattacks,” he said.
A typical ransom attack could shut down a grower-shipper’s harvest, shipping, packing, and invoicing for 10 days, leading to millions of dollars in costs and losses, McGuire said.
“Some companies couldn’t survive this,” he said.
In Salinas, CA, for instance, while produce companies are competitors, they are also very connected, buying and selling amongst each other.
“If someone gets compromised, we’re all at risk,” McGuire said.
Regnier said this spring the FBI warned food and ag companies that they could become a target of ransomware attacks during their busiest times, such as during planting and harvest.
“It’s sophisticated and highly resourced,” he said. “Everyone reading this is being targeted right now.”
And he said despite the warning from the FBI, there’s not much its agents can do about the threats since the threats are coming from all over the globe, so if they’re in a country unfriendly to the U.S., there’s nowhere to turn for help.
PSO’s best practices guidelines are specifically built to serve fresh produce companies, which often operate at all hours and all days of the year. They are broken into three tiers – high, middle, and low – designed to provide actionable guidance to improve cybersecurity defenses for all sizes of companies.
“We’ve written these guidelines, and now we want to help everyone, especially smaller companies to implement them and protect themselves,” McGuire said. “It’s not an IT problem. It’s for everybody, especially business leaders.”
“The resources should be seen as empowering and proactively addressing the threats specific to the produce industry,” said Jenna Hardie, marketing communications manager for ZAG, which donates their technical expertise to the initiative as subject matter experts.