SAN JOSE, CA - If you didn’t already know, October is Cybersecurity Awareness Month. This is a time when we can all take a closer look at our technological security and work together to find new and improved ways of operating. ZAG Technical Services is one industry partner here to help.

“There are common attack vectors that any company in the supply chain is susceptible to, such as ACH fraud by social engineering, email phishing and malware attacks, and hacks via unpatched networks or computers,” Director of Client Strategy Patrick Day began telling me. “All of these are avoidable for nominal (relative) cost, in most cases, and user education and cybersecurity vigilance can go a long way in preventing these adverse outcomes.”

Patrick went on to note that cybercriminals can target growers, processors, packers, and shippers alike with attacks ranging from ACH fraud to information exfiltration and extortion, ransomware, and more. Simply put, if your company has IT, attackers could be targeting you.

“Cybercriminals use sophisticated tools that automatically test networks for vulnerabilities. Big, small—doesn’t matter. Once they find the vulnerability, they go to work. They don’t care if they get $50,000 or $5 million. They also don’t care if they put you out of business,” Patrick continued.

I learned from our conversation that the supply chain is very interconnected via Electronic Data Interchange (EDI). The usual impact is the immediate upstream or downstream partner. For example, if a marketer of bananas was offline and unable to sell or ship, that would immediately impact upstream retail. It might also impact downstream growers because the marketer might be unable to receive inbound shipments.

“It extends beyond the grower and foodservice/retail relationship. If the supplier of, say, clamshells to a packaged lettuce marketer was breached and unable to produce the shells for weeks, that could have serious implications for the marketer,” Patrick went on. “Companies must also remain sensitive to the vendors (and associated cybersecurity posture) that have access into their environment. A refrigeration vendor with VPN access into a packer’s environment can be an entry point for the criminals as well.”

To protect themselves, Patrick explained that operators can start by adhering to some basic cybersecurity best practices. ZAG partnered with ProduceSupply.org to produce a free set of security standards for small, medium, and large ag operators.

Some baseline best practices include:

• Engage in regular employee education and training
• Enable multi-factor authentication (MFA) across all technology systems
• Use strong passwords/pass phrases
• Deploy modern anti-spam and antivirus solutions
• Engage in regular server and PC patching/system updates

More advanced best practices include:

• Snapshot recoveries for more streamlined incident recovery
• Engage in penetration testing to determine vulnerabilities
• Create disaster recovery, incident response, and business continuity plans (and test them)

“The most cost-effective and time-sensitive way to successfully navigate security needs is with a managed service provider (MSP)—a contracted partner whose team of experts audit, update, and secure systems and data,” Patrick relayed. “For those employing advanced technologies in their organization, there are multiple advantages to relying on an MSP to handle IT and cybersecurity needs.”

Patrick concluded by telling me that food safety and social responsibility aren’t the only areas of transparency requests within supply chains. Some organizations are starting to require transparency into business partners’ cybersecurity setups and disaster recovery plans to ensure all data within their system is and remains safe. Will you be ready when they do?

I will be following up with Patrick about some of the trending schemes and scams ZAG has seen lately, so stay tuned.

ZAG Technical Services