This October marks the 20th year of网络安全宣传月, an online safety education initiative presented by theCybersecurity and Infrastructure Security Agency (CISA)and theNational Cybersecurity Alliance (NSA).
With the theme Secure our World, this year’s initiative is offering a program on best practices and simple steps businesses can take to outsmart online outlaws. TheNational Grain and Feed Association (NGFA)is supporting their efforts by sharingcybersecurity informationand program updates to better inform feed and grain businesses and ag cooperatives, which can be targeted by ransomware actors at critical times like harvest season.
A cybersecurity attack is capable of disrupting feed and grain operations, the food supply chain, and can be costly for agribusinesses that don’t take precautions to protect their data.
One of the most successful tactics cyberattackers use is "phishing," or digital messages that appear to be sent from a trusted source in hopes the recipient will accidentally download malware to their device or reveal confidential information. Agribusinesses can avoid these threats by training employees to recognize the signs of phishing and to report them immediately.
How to recognize phishing
Successful phishing emails are easy to spot for the trained eye. Messages often include:·
- Urgent tone with emotionally charged language
- Requests for personal and/or financial information
- Unusual or unrequested file attachments
- Unfamiliar shortened URLs
- Email addresses that are not the same as the sender’s name
If an email seems suspicious or contains several misspellings and poor grammar, it could be a sign of phishing. Do not call phone numbers included in the message, open any attachments or click any links — including an “unsubscribe” button.
Phishing best practices
If a recipient is unsure or believes it could be from a trusted sender, continue to avoid sharing sensitive information or credentials until the source can be verified. First, seek out ways to validate the supposed company or sender. CISA said to visit the company’s website from your own web browser to locate the company’s contact information, or, if the sender is identified as someone you know, call them at a trusted number and confirm whether they sent the email.
If following these steps fails to confirm the message's source, it should be deleted and reported as phishing to your organization’s IT administrator.
CISA also recommended utilizing the “report spam” feature included in email platforms to protect against future attempts from the spammer. If the message appears to be from an organization you conduct business with, they should be alerted about the incident.
3 tips to stop hackers in their tracks
CISA'sSecure Our Worldprogram offers resources and advice for companies and individuals. In addition to recognizing and reporting phishing, here are three tips to follow to stay safe online.
- Beef up password strength:简单的密码可以cyberattackers容易guess if they have any of your personal information. Avoid this by creating long (at least 16 characters)random passwordsthat are unique for each site you regularly use. Passwords should include all four character types — uppercase, lowercase, numbers and symbols. Secure password manager programs can also be used to help create strong, unique passwords for each account and maintains and stores them online automatically.
- Take extra steps to boost security: MFA is the second line of defense to a strong password. Enablingmultifactor authentication (MFA)significantly limits hackers’ ability to access online accounts, even with the correct password. This step requires a face scan or a code sent via text message in order to successfully gain account access. MFA should be enabled on all devices and platforms that offer it, including email, social media and financial accounts.
- Resist clicking “Remind me later":Regularlyupdating softwareis key to ensuring devices have the latest security patches. Turning on automatic updates is one way to stay up-to-date, but if not available, update devices, apps and software — especially antivirus software — every time a notification appears that updates are available. Checking for updates and installing them immediately closes security code bugs and keeps important data secure.
For more information about Cybersecurity Awareness Month and to participate in social media activities throughout October, visitcisa.gov/cybersecurity-awareness-month,staysafeonline.org/cybersecurity-awareness-month/and follow the hashtags#CybersecurityAwarenessMonthand#SecureOurWorld.
网络安全攻击s target grain companies
TheFBI,CISAand theNational Security Agency (NSA)have investigated ransomware occurrences against up to 14 critical U.S. infrastructure sectors, including food and agriculture, defense, emergency services, government facilities and information technology sectors.
Ransomware attacks against six grain cooperativesreported in 2021 prompted the FBI to issue aPrivate Industry Notificationthat ransomware actors may be more likely to attack ag cooperatives at critical harvest seasons and at planting season to disrupt seed and fertilizer supplies.
Two attacks in 2022 directly targeted feed mills and grain processors. In February, a feed milling and other agricultural services provider reported two instances of an unauthorized user gaining access to some of its systems in attempts to initiate a ransomware attack. Both incidents were detected and thwarted before encryption occurred.
In March, during the critical spring planting season, a multi-state company that provides seed, fertilizer, logistics services and grain processing suffered, aLockbit 2.0ransomware attack.
While Cybersecurity Awareness Month serves as a timely reminder to stay vigilant in protecting grain and feed operations from malicious actors this harvest season, following these best practices year round is key to long-term security for agribusinesses and their data.
