Coming the same week as the NZX faced continual denial-of-service (DDoS) attacks, a survey by telco 2degrees has revealed 52% of small to medium agribusinesses do not have a security resource in place to protect business data from cyber threats.
A security resource can be as simple as firewall and password protection, or as advanced as a subscriber-based internet security software programme.
Cyber attacks on New Zealand businesses reported to monitoring agency CertNZ increased 38% since 2018, with phishing and credential harvesting being the most common, followed by scams and then fraud.
Total financial loss also jumped from $14 million in 2018 to $16.7m.
“In the case of many agribusinesses and farms, there is often the perception you are quite isolated and removed from risks urban businesses face. In fact, that’s far from the case with the internet,” 2degrees chief business officer Andrew Fairgray said.
It is a level of naïvety that leaves businesses vulnerable to hacking practices including phishing emails. These seek sensitive information on the entity by way of a seemingly authentic email.
Other assaults include ransom-ware extortion demands and surreptitious software access to devices seeking out personal data.
This can include the ability to monitor and record keystrokes, effectively uplifting all passwords used on any accounts.
Fairgray says there is a misconception that if data was moved to the cloud it would be more secure than keeping it on a computer hard drive. However, there was still the risk that visiting unsecure websites gave hackers access to the device’s data.
Director and co-owner of Te Puna-based Acre Technologies Sarah Rice has a number of agribusiness firms as clients.
She says failure to maintain and update websites was one area many smaller agribusinesses left themselves vulnerable.
“With websites built using third party plug-ins like a contact link or order form, each plug- in needs to be updated as security patches come out, and so often that just does not happen,” she said.
Rice says it left the website vulnerable to the insertion of code that would then be used to access accounts and steal data.
“Five years ago people would break into computers and vandalise data. Now, they are way more insidious and more interested in stealing money and data,” she said.
Fairgray says farmers should not downplay their exposure.
They oversaw operations often significantly bigger in cashflow terms than other SMEs, with large asset bases and multiple data inputs.
“They should not underestimate the sophistication of their business and the value of their data on the dark web,” she said.
Some of the most insidious schemes involve hacking into a laptop, getting personal details and information about individuals they would not want shared with business contacts and exhorting payment accordingly.
Rice echoes Fairgray’s belief some of the simplest security lapses can be the most dangerous.
Both point to the mobile phone often holding more sensitive data than a PC, and one without a password was easily stolen, exposing the digital heart of the individual and their business.
Farms are also particularly vulnerable due to the blurring of business and home use.
Rice said while one computer can serve both, it can pay to have the computer set up with two very distinct accounts, and tightening down on children’s access on the home account.
“After so many years, believe it or not, we are still telling people to be smarter about their passwords. They need to be strong and they need to be unique,” she said.
Rice encourages the use of password lookup apps like LastPass as a way to store multiple passwords that only require one-for-all, and can be entered without using key strokes.
“Programmes like Office 365 have military grade security, but it comes to nothing without a sound password attached,” she said.
Keeping up with software updates, rather than just ignoring the update alert would also keep machines safer.
“And we still get people expecting machines to run on Windows XP or Windows 7, neither supported by security protection any longer,” she said.
And for farms that have increased use of internet enabled equipment like sensors, she said it pays to ensure the device’s default password is altered on installation.
A growing number of farms have farm-wide wireless networks to enable the operation of security cameras, increase mobile phone connectivity and run assorted sensors.
Such a wide coverage means it is now easier than ever for hackers to scan the signal and tap into streams of farm data.
Fairgray says as a company committed to increasing rural connectivity, 2degrees felt an obligation to ensure rural clients were aware, and protected against the risks improved connectivity can bring.
Top four cyber tips for business safety
CERTNZ was established to improve New Zealand’s cyber security and has some valuable pointers for businesses to help stay safe online. Its website offers some key tips to reduce increasingly common cyber-attacks.
•Install software updates: these fix vulnerabilities that hackers can otherwise exploit for access.
•Use two-factor authentication (2FA): anyone logging in needs to provide another device to validate their access.
•Back up data: all data needs a second storage site in case it is compromised, in an easily restorable form.
•Secure your devices: ensure any anti-malware software is enabled to prevent malicious software being downloaded. This includes staff devices being used on-farm or business.
Visit www.cert.govt.nz for more information.
