Modern cybercriminals are as sophisticated as ever, but they’re no different than any other criminal in one way: they relish an easy victim.
Security experts warned fresh produce companies that if their digital security isn’t taken seriously, they’re the low-hanging fruit to cybercriminals.
In a Produce Marketing Association BB #:153708 Town Hall on August 4, security professionals laid out the threats and protections to cybercrime.
“Cybercriminals are looking to do something easy, an easy target,” said Dave Summitt, CISO for Alpha Omega Advisors. “But every one of [these attacks] is preventable. The threats are there, and you have to protect yourself.”
There are many kinds of cybercrimes, Summitt said. A common one is being hit with ransomware, where a criminal will shut down your system and demand money in exchange for turning it back on.
It’s easy to tell when you’re the victim of this kind of crime, he said, because they demand something.
It’s harder to tell when criminals have installed a bug to steal information or money, or when they’re using your system to perpetrate bigger crimes.
“Don’t think you’re too small to get hit,” Summitt said.
Where does a produce company start?
Greg Gatzke, president of ZAG Technical Services, said there are three things to do right away to be more secure. First, train your finance staff on the proper ways to handle ACH (automated clearing house) payments. Then use a multi-factor email authentication system. And finally, give your IT department time to maintain and patch your system.
“The biggest threat to the produce industry is inaction” Gatzke said.
Lisa Shasteen, CEO of Shasteen & Percy, PA, said it’s wise to have a layered security defense system so that if something gets by one, it will be caught by another.
She said that from a legal standpoint, a company’s officers could be held liable and have a fiduciary responsibility during theft and loss, so it’s imperative to take the issue seriously.
Summitt said every company should identify someone who will be responsible and accountable for cybersecurity, and it’s that person’s job to make sure everyone in the company knows they’re also responsible.
Peter Jankowski, chairman of Next Level Security Systems, Inc., said staff training is an investment that will pay off.
“Most problems can be avoided if people don’t make mistakes, but the industries I work with are not doing a good job with this,” he said.
George Szczepanski, director of membership engagement for PMA, said cybersecurity is still a young industry, so companies that haven’t invested in it aren’t alone, but they need to soon.
There are more security suppliers coming into the industry because there are more criminals, he said.