The Security Threat Landscape: What’s Here + What’s Coming

As attacks on critical infrastructure across the U.S. (including agriculture) continue, the government is getting more involved. Agriculture must step up to the challenge before having solutions mandated. The following is a sampling of the kinds of communication that have recently been released:

• The White House drafted open letters to private businesses outlining a range of IT security practices that companies should adopt.
• The FBI issued warnings for Ag businesses around ransomware and disruptions to the supply chain.
• The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and NSA released cybersecurity advisories around ransomware cyber intrusions targeting critical infrastructure.

It is ultimately good that the government is engaged in this. Our food supply and nation are at risk. After all, from July to October, there were more cyberattacks than in the last three years combined, according to Microsoft, with sophistication levels exceeding those previously seen.

“Between July 1 and October 19 (2021), we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits. By comparison, prior to July 2, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the last three years.”
—Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft

Cybercriminals are continuously improving and evolving as they attempt to breach U.S. businesses. This is a continuous battle.

While it is good that the government is paying attention and beginning to work to solve the problem, we can’t wait. No one knows our business better than we do. No one can implement security that works better than those of us in the industry. It’s important that we protect ourselves now.

So what are some things businesses should focus on in this changing threat landscape? And what’s to come?

Security trends for 2021

Over the last several incidents that ZAG has helped with, we’ve learned:

• Board of Directors are now actively engaged in all things cybersecurity
• Preparedness and preventative measures matter
• Incident Response plans are becoming more important
• Every business should focus their efforts on business continuity measures ASAP

The focus for IT teams over the last year have been on some key trends aimed at improving an organization’s security posture, including:

• Multi-factor authentication (MFA) everywhere. MFA is a process that authenticates the identity of a person through two or more methods before allowing access to specific applications or accounts. Not only does it add an extra layer of protection for your accounts, but it also can help you meet compliance requirements for securing cyber insurance.
• Personal Identifiable Information (PII) focus. It’s become apparent that many businesses have a problem with the storage and management of PII. But over the last year, more concern and attention are being paid to protecting this data.
• Increasing finance controls. ACH phishing fraud is one of the primary ways that cybercriminals attack, focusing on the finance function of a business to access money and fraudulent payments. But over the last year, we’ve seen an increased focus on implementing best practices and controls to avoid such losses, such as verifying all transactions and changes.
• Use of security operations centers (SOCs). Over the last year, there’s been a rise in the use of third-party SOCs that help monitor all aspects of a company’s network for anomalies and potential breaches – as well as help address a breach in a timely manner. The use of these services, such as Rapid 7 or Arctic Wolf, will only continue to grow as threats increase.

What’s next for 2022?

When it’s time to make security- and technology-related investments for the New Year, we’ve broken it down into three categories:

1. Must-Have
2. Should Have
3. Good to Have

1. Must-Have

• MFA – and we mean everywhere, protecting at every level.
• Security Standards – either these are driven by your own internal security protocols or reliant on a third party (like ZAG Standards), these are essential.
• Snapshot/Airgap Backup – use snapshots that provide the quickest way to recover in the event of a breach. If you can’t use snapshots, use air-gapped backups so that an Active Directory administrator cannot delete the backups, further protecting your business.
• Financial Controls – primarily around ACH changes, your organization must have guidelines to follow to prevent phishing attacks.
• Nextgen Anti-virus – leverage software and encrypt all the files on your systems so you’re better able to block attacks when they’re happening.
• RTO/RPO – determine what your recovery time objective (RTO), or the maximum amount of downtime your business can tolerate, and recovery point objective (RPO), the interval of time that your business can recover from data loss, is and ensure IT has the tools to help.
• Disaster Recovery Plan – this is essential for your business to guide how best to recover from a successful criminal attack.

2. Should Have

• SOC – Deploy a Security Operations Center (SOC) either in-house or via third-party to help identify and address any breaches.
• Annual Testing of DR Plan – it’s not enough to develop a plan; you must regularly test the plan and change as business needs change so that critical pieces aren’t missed.
• Business Continuity Plan (BCP) – in conjunction with a DR plan, a BCP helps the organization continue to produce while the IT systems are down. This is critical in a world where “trucks gotta ship.”
• SCADA Network Segmentation – segmenting manufacturing systems from the user network is critical to ensure their survivability in the event of a breach.

3. Good to Have

• Industry relationships to understand new types of attacks – listen to and share stories about what an attack looks like, understand how it’s coming in, and learn from these experiences. Our industry should be hit no more than once by a new type of attack.
• Industry-wide IT standardization – just as the fresh produce industry has best practices and standards in place in the event of a foodborne illness outbreak, there need to be standards for technology and cybersecurity that help protect the industry
• More MFA – everything that could have MFA should have MFA. This will go a long way in preventing criminals from getting in.

These are just some of the items that should be addressed. But covering these items is a start to providing the security we need. Yes, there is more (patching, etc.), but we must start somewhere.

The ultimate goal of IT systems should be to make you more competitive, give you more information for better decision-making, and enable processes and automation to make you more profitable. Security of these technology systems needs to be resolved first so businesses can realize true competitive advantage. This is about building your technology’s competitive advantage on a solid foundation.

In 2022, organizations must get better at identifying risks and taking on the process of developing recoverability. If they don’t, the government may come in and require it, which can lead to more regulation. You can sit back and wait, or your organization can be the one that does something. When we collectively do enough, it will positively change our future.

Ready to take the next step?

Click here to learn more about ZAG’s Security Review + Action Plan we’re offering to help your organization protect itself and prepare for a cyberattack.