Farmer's Weekly (South Africa)
Food supply vulnerable to cybercrime
Agriculture’s vulnerability to cyber attacks was highlighted at the Africa Agri Tech 2023 conference that took place in Pretoria recently. If risks are not mitigated, food supply could be heavily impacted, according to some speakers at the event.
With the advent of the Internet of Things, the agriculture sector faced increasing exposure to cyber attacks. Recent attacks included those that paralysed systems that mixed animal feed and those that administered feed on farms. Locally, a cyberattack on Transnet brought ports to a standstill, halting exports, while an attack on Onderstepoort Biological Services prevented vaccine production.
Billy Petzer, researcher of cybersecurity systems at the CSIR, noted that the modern supply chain was very long and complex, making it difficult to secure against cyber attacks. He also pointed to research which showed that attacks on the agriculture sector were increasing.
“Agricultural systems are being targeted because it has a real world impact. This can lead to failed crops, dead livestock and poisoned water. Traditional attacks cause intangible loss, including data, money and reputation,” Petzer said.
He added that the perpetrators of cyber attacks on the agriculture sector were cybercriminals who profited through ransomware. Hacktivists included those who used cyber attacks to promote a political agenda, and terrorist groups and thrill seekers.
Looking at the numbers, South Africa did not have a good track record in guarding against attacks. “South Africa is ranked eighth worst in the world for falling prey to ransomware. We rank fifth on the list for the worst cyber security globally. Agriculture in general has been shown to have a low level of cyber security in place, since attacks are not perceived as being as prevalent as in the banking sector, for example,” Petzer said. Lwando Cwane, cyber insurance lead at Hollard, noted that the global cost of cyber attacks was US$10,5 trillion (about R190 trillion) globally. “South Africa has the highest probability of a repeat breach, with more than 83% of businesses experiencing more than one breach in the past 12 months.
“On average, the time it takes for a company to identify a breach is 235 days. During this time the hackers have full access to your systems and can formulate the best time to institute an attack. They would also be able to access accounts during this time and siphon off funds. Once detected, the average time to contain a breach is 88 days.”
To guard against cyber attacks, companies were advised to increase cyber security, with a large focus on employee training. Petzer stated that 98% of incidents were enabled through human error, through for example phishing emails. He said companies would do well to educate employees about cyber security. –