A recent report from the Food and Ag-ISAC (Information Sharing and Analysis Center) has unveiled alarming insights into the cyber threats confronting the U.S. food and agriculture sectors. The analysis reveals that ransomware attacks constitute more than half of all cyber incidents in this critical infrastructure area, emphasizing the urgent need for enhanced cybersecurity measures. According to Jonathan Braley, director of the Food and Ag-ISAC, ransomware remains a prevalent threat across various sectors, with the food and agriculture industry representing about 5% of the total reported ransomware incidents.
The report highlights that 25 distinct ransomware actors are currently active within the food and agriculture sector, making up a staggering 53% of all identified threat actors. Unlike other cyber threats that may target specific organizations for strategic reasons, ransomware attacks are often opportunistic. Braley explains that these groups scan the internet for vulnerabilities, leveraging initial access brokers who have already breached organizations. This means that attackers may not know their targets until they have infiltrated the systems, increasing the risk for all businesses, regardless of size.
In 2024 alone, the Food and Ag-ISAC has recorded approximately 2,400 ransomware attacks, with 138 impacting the food and agriculture sector. However, Braley cautions that these figures only reflect reported incidents, noting the inherent challenge in capturing the full extent of cyber attacks against the industry. Ransomware groups often publish their victims on public data leak sites, providing a clearer, albeit incomplete, picture of the situation.
The report also identifies 13 nation-state actors, which account for over 27% of the threat landscape in the food and agriculture sector. Countries like China, Russia, North Korea, and Iran are frequently cited as the most active in this domain. Additionally, cybercriminal groups, motivated by financial gain, represent 15% of threat actors, while hacktivist groups account for 4%. Hacktivists are defined as those who conduct cyber attacks to disrupt organizations that hold opposing ideological or political views, sometimes seeking recognition for their actions.
The tactics employed by these threat actors are evolving, with three primary methods emerging: the use of readily available tools and “living off the land” tactics, targeted spear-phishing attacks, and the deployment of custom malware or tools. This adaptability underscores the need for organizations within the food and agriculture sector to remain vigilant and proactive in their cybersecurity efforts.
Braley notes a growing awareness of cyber threats within the agrifood industry, facilitated by partnerships with various trade associations. These collaborations aim to equip members with the knowledge and resources necessary to effectively manage risks. However, small- and medium-sized enterprises, including farms, often remain less aware and prepared for cyber threats. Many companies mistakenly believe they are too small to be targeted, overlooking the opportunistic nature of ransomware attacks that can affect organizations of any size.
In response to this pressing issue, the Food and Ag-ISAC has developed a free cybersecurity guide tailored for small and medium-sized enterprises. This resource offers low- and no-cost practices that stakeholders in the food and agriculture sector can implement to bolster their defenses. Braley emphasizes the importance of sharing resources regularly through the organization’s website and social media channels to ensure that businesses have access to the latest information and tools to protect themselves.
The findings from the Food and Ag-ISAC serve as a critical reminder of the vulnerabilities faced by the food and agriculture industry in the digital age. With ransomware attacks on the rise and the threat landscape continually evolving, stakeholders must prioritize cybersecurity to safeguard their operations and ensure the resilience of this vital sector.