A report shows almost 80 per cent of producers don’t have a cyber security plan
A new report shows most Canadian farmers aren’t prepared if their operation is hit with a cyberattack.
“Cyber security readiness remains low, with nearly 80 percent of farms lacking an incident response plan,” the report from MNP Digital says. “Proactive planning is critical to minimize the operational and financial impact of cyber incidents.”
MNP Digital surveyed 541 Canadian producers in July 2024 and released the findings in February 2025.
Cyber security is an increasing issue in the digital age.
Industry groups rank food and agriculture seventh out of 11 sectors monitored with the most attacks.
Therefore, having a plan is a necessity, said John So, IT manager with VL Interactive.
“When you’ve got robotics, automated systems, cloud systems, and really anything that’s connected to the internet these days, you’re at risk of a cyber attack,” he told Farms.com. “It’s not a matter of if you get hit with one, it’s a matter of when, and you want to be prepared when that happens.”
Hackers typically use two methods to extort victims.
One is ransomware, which locks users out of networks until a ransom is paid.
Hackers did this in 2022 to the Union des producteurs agricoles in Quebec, demanding payment in exchange for a decryption key.
Another method is phishing emails.
These emails appear to come from reputable sources but are designed to steal personal information.
“We’ve seen that happen where the email pretends to be someone from upper management and asks someone to purchase gift cards,” So said.
And hackers don’t need much time to create chaos.
In its 2024 global threat report, CrowdStrike, which provides online security services, found the fastest eCrime breakout time (the time it takes for a hacker to move laterally from one compromised host to another within the network) at 2:07 mins.
“A lot of the ways hackers used to do thing 10 years ago are automated now,” So said. “So, where they used to camp out for months before launching an attack, now it can be much quicker than that.”
So how can someone protect themselves and their sensitive data from cyberattacks?
Most major email providers like Outlook or Google, and Cloud storage providers like OneDrive or Google Drive, do a decent job at filtering out potentially suspicious emails, So says.
But increased protection means a user must treat it like any other investment.
“Almost treat is like car insurance,” he said. “You obviously don’t want to be without it, and you have the option to pay for additional protection.”
The first part of a basic security plan is to protect any credentials.
Whether it’s banking or agronomic data, or a Netflix login.
“Always have some kind of multi-factor authentication in place,” So said. “And if things are backed up in the cloud, it should be safe there too.”
Another service people can seek out is a software operations center.
This continuously monitors networks for any potential threats.
“It’s a step above antivirus,” So said. “It’ll monitor any endpoint device 24/7 and if it suspects any malicious activity, it’ll automatically lock the device down and stop access on it.”
Other highlights from MNP’s report include:
- 36 per cent of farmers saying they’re “very little knowledgeable” about cyber threats
- 9 per cent of respondents have had a cyber attack
- The highest incidence rates are on farms earning over $5 million annually
Agriculture and Agri-Food Canada also has tips and tools farmers can use to protect themselves from cyber threats.