By Greg Gatzke, President, ZAG Technical Services
Every Western Growers (WG) member plays a critical role in ensuring the continuity of the supply chain that provides fresh produce for all Americans. Each step in the production process is essential and technology-dependent. Criminals threaten this critical supply chain, and both the agriculture and technology industries must band together to solve this problem.
The recent ransomware attacks on Colonial Pipeline and JBS affected the supply chain and consumers directly, highlighting the risks these cyberattacks bring. There’s a need across agribusinesses to create minimum, baseline security standards to strengthen technology systems.
At a minimum, companies must:
1. Implement security standards.
Security solutions that protect an organization’s network, such as antivirus systems and advanced firewalls, along with ongoing software updates and vulnerability tests, are necessary elements of a company’s security strategy. Organizations must also require multi-factor authentication (MFA) for all remote and email access. MFA is a process that authenticates the identity of a person through two or more methods before allowing access to specific applications or accounts. MFA implementation is not foolproof, but it is an essential step in strengthening an organization’s security posture.
2. Be able to recover fast.
Organizations must plan for the worst and be able to recover quickly. If criminals get access to your network, can they destroy your backups? They’ll often succeed. They must be protected. Organizations must have advanced storage that allows them to use snapshots to recover instantly.
3. Make sure your desktops are protected.
Too many IT people think about restoring the servers in the Data Center. It is our comfortable place. Ask them how they will recover if every desktop is encrypted. This can be more significant than the loss of the servers.
4. Have a formal disaster recovery, incident recovery and business continuity plan.
IT must have a formal disaster recovery plan that explains how they will recover systems should disaster strike. In a disaster, the whole business must know how to respond.
An incident response (IR) plan is critical to guide:
• How communications will occur throughout the company when systems are down.
• Will a ransom be paid?
• How the event be communicated to customers and vendors.
• When and if law enforcement, insurance, and other agencies will be engaged.
Finally, a business continuity plan must be created to instruct the business on operating in a disaster. This includes questions like:
• How will product be produced without computers?
• How will orders be communicated?
• How will product be picked, labeled, and shipped?
An IR plan is not for IT; it involves the entire organization and is key to a successful outcome should an intrusion occur.
5. Determine if suppliers pose a risk.
The old adage is that organizations are only as strong as their weakest link. The new reality is that they are only as strong as their weakest supplier. If your suppliers are compromised and can’t deliver, your organization can be shut down. Companies should manage their suppliers to ensure they have protections in place, and that they are secure. Examples of these protections include secure remote access methods, a secure internet presence, email protections to stop phishing attacks and ensuring they do not have exposed logins/passwords on the DarkWeb.
6. Remain vigilant.
Every ag company is dependent upon technology. Technology can be used to gain a competitive advantage for your organization, but it can also introduce risk without the foundation of security, maintenance, and support. Make sure your company and suppliers have the proper protections and processes to ensure that we can continue producing the food that America needs.
As a proud sponsor of the WG Center for Innovation & Technology and supporter of WG Insurance Services, ZAG Technical Services is available to support all Western Growers members with their intelligent business and network security needs. This includes services such as improving network security, protecting corporate data, preparing organizations for an IT disaster and implementing prevention protocols. Through ZAG’s technical services, agribusinesses can prepare for the evolving risks of cyberattacks, while WG Insurance Services can help these organizations with tailored cyber policies through its new Cyber Risk Management Solution.