n one of my other lives, I run a cyber security consultancy. Security Risk Management is a niche consultancy which specialises in helping a range of clients across Public, Private and Third sectors keep their information and computer systems as safe as possible. One thing that has become clear, however, is how poor many who work in the agricultural sector are at managing their computer security.
This is strange. Farms are increasingly dependent on technology and farmers (should) understand the management of hygiene and risk, though more often than not, it is not until there is a problem (by which time it is too late) that many farmers show any interest in the subject at all.
This was brought home the other day when, whilst on the way to buy a bull at the Stirling Sales, I was rung by a friend who had been infected with the ransomware Cryptolocker – a particularly nasty piece of Malware that encrypts a victim’s data and then attempts to extort money to make it available. I’m pleased to say he didn’t pay – but as a result, he lost much of his information (it is generally considered unfeasible to break the cryptolocker encryption). He ruefully admitted that he hadn’t backed up his computer for over two years, something which would have given him significant resilience. It may have been accidental that this attack happened when he was doing his year end. Fortunately his bookkeeper had backed up her files and could recover some of the lost financial data, but most of his personal and operational data was lost.
A number of other friends admit to running old PCs with little or no security or antivirus software – certainly nothing current. Many often note that their systems are shockingly slow. Clearly this is often due to the Cruft Factor (the degree to which a computer “runs like a dog” after time takes its toll) but often it is because they have been infected by quantities of malware – and are often being farmed themselves as part of one or more Botnets.
It is not until one loses data or systems that it becomes clear how critical they have become to our lives and businesses. Most farms are dependent on IT for a range of management and compliance activities ranging from livestock movement reporting, operational analysis and record keeping. Many of these activities are not only critical from a practical sense, but mandatory in terms of compliance. Even those who still keep their accounts in a ledger (quite common in the agricultural sector) are dependent on the Online Environment for reporting a range of issues.
Curiously, the farming paradigm has distinct parallels with the cyber environment, particularly those proponents of the dark side who routinely farm vast communities of compromised technologies and, by extension, the people who use them. With my security hat on, I frequently use farming as an analogy (see Analogies Project), it is ironic that many in the farming sector do not see the threat until it is too late.