Protecting feed and grain companies from ransomware [Podcast]

Transcript has been edited for clarity.

Steven Kilger - 00:00

Hello! My name Steven Kilger, I’m the managing Editor for Feed & Grain Magazine and the host of the Feed & Grain Podcast. Thank you so much for joining me today as we dive deep into the issues affecting the Feed Manufacturing, Grain Handling and allied industries.

Today’s episode is brought to you by The BinWhip from Pneumat Systems. The powerful Dual Impact BinWhip removes the toughest buildup and blockages in industrial storage silos – without hazardous silo entry. Learn more today at BinWhip com.

In today’s episode my guest Brandon Bohle, Endpoint Security Team Manager at Interstates stops by to talk about mitigating the risks ransomware poses to businesses of all sizes. Learn how ransomware works, a few tips on how to avoid becoming a victim, and how to recover after an attack.

I hope you enjoy the interview. If you want to help out with the podcast and are listening to this in a podcasting app, please rate us and subscribe! If you’re listening online signup for the Feed & Grain Newsletter Industry Watch to see when new podcasts drop and stay up to date with all the latest news from around the industry.

Now onto the show.

Hi Brandon, thanks so much for joining me today.

Brandon Bohle - 01:04

Hey Steven, thanks for having me.

Kilger - 01:04:

Yeah, happy to. For anyone who doesn't know what you do, can you describe yourself and a little bit of your experience in agribusiness?

Kilger - 01:14:

Yeah, so at Interstates we really focus a lot on a lot of the value-added ag Industry within the US, so we work with a lot of feed and grain mills, different processing facilities. So basically, we do a lot of automation, development and building, but me, I focus a lot on the cybersecurity side of the house. We help secure networks and systems and programs that are running in your guy’s types of facilities so that they stay safe, they stay protected from the bad guys that are out there trying to cause chaos in the world today and really just let you guys do what you need to do, and I come back and help protect on the backside.

Kilger - 02:00:

 Yeah, those bad guys are relentless these days. They are constant and non-stop. For anyone who might not know, because we have such a range of people listening to these, what is like the big attack right now, ransomware attack, and why should companies worry about them, especially these small agribusiness companies who might have the mindset that no one wants to target them?

Bohle - 02:22:

 Yeah, so you're exactly right. Ransomware is probably one of the biggest things that we see targeting our customers nowadays, right? The reason these smaller ag companies should be concerned about it is its low effort from the attacker's perspective, so it's a lot like our phishing emails and frankly a lot of them come in through that type of phishing email and it's Kind of a throw out a wide net and see who we can affect. So, if you think back to 20 years ago, a lot of the ideas around cyber-attacks were, okay, who's the big player out there? How do we compromise them so we can get the biggest bang for our buck? And it's not like that anymore.

Bohle - 03:12:

 We do have that from time to time but now it's kind of let's throw out the wide net and if we can get $500 from a thousand people that's still going to be as much as if we could potentially hit one big fish so it's a lot less targeted nowadays than what we used to see in the past.

Kilger - 03:32:

Well, yeah, and nothing's going to ruin your day like a ransomware tech. It is not fun to deal with. And I mean, our publishing company is relatively small, but we have training, multiple trainings every year on ransomware. I get probably 10 emails a day that I know are suspect and probably contain ransomware. And I feel like with Agribusiness, I don't want to say we're behind on tech, but sometimes, you know, we're very busy. Feed mills are understaffed. There are more and more people doing more and more stuff.

Kilger - 04:01:

It can be hard to kind of Yeah, I would say they're just as or potentially even more vulnerable than larger businesses.

Bohle - 04:22:

Like I talked about a little bit earlier, the larger businesses have been trying to play this cat and mouse game with the attackers for a long time, whereas the smaller businesses and the smaller processing facilities and the agribusinesses like we're talking about today, they haven't been having to focus on those types of targeted attacks in the past. So, they haven't been doing the cybersecurity side of things for as long and where they've relied on the I'm a small fish, I'm not as big of a meal or a target for the attackers, so I'm going to be safe that way. A little bit of security by obscurity, but it's not playing that way anymore. It's not where you can just avoid everything and you're safe. So I think that's where some of these small agribusinesses are probably at just as much or potentially more risk than some of the larger businesses are.

Kilger - 05:18:

And it's one of those things where I feel like some people would, you know, consider it like I'm never going to fall for this. But to be fully honest with everyone listening to this right now, I fell for it about 10 years ago. That's why I'm hyper aware of them now, because I'll never forget that moment of getting that little message on my screen that I had to pay Bitcoin to an anonymous hacker, or I was going to lose all my files in the next couple of days. Luckily, it wasn't super sophisticated, and I was able to handle it, but it was really embarrassing having to go back through our Dropbox files on Feed & Grain and set all of them to go back to their previous version, so they weren't compromised anymore.

Bohle - 05:58:

Yeah, and you're right, that is really embarrassing. But the better time to be embarrassed about that is when you do internal training about that. I know within Interstates, we do tons of internal phishing assessments where you get this fake email that looks like it's coming from your boss or a customer, you know, and they're in a big hurry and they need something. And you click on it and you're like, well, shoot, now I must go through our internal training to show that I understand the risks that are associated with these. But to your point, it's better to be embarrassed in that controlled environment than having to go back and try to figure out the real type of situation where an attacker did fully compromise us.

Kilger - 06:44:

 Well, that's the thing, because that's the most common way they get in, right? Usually email, some kind of link that you're not a little suspicious, but you don't think and you click it. It's very easy to do, but it's a lot easier to be like, oh, I shouldn't have clicked that. I need to tell IT immediately. Then be like, well, I hope that doesn't turn out into anything. And then two days later, your computer locked down and your system compromised.

Bohle - 07:08:

Yeah, and that's why when we tell people to do those types of training, it's like, if somebody falls victim to this, it's just an internal one. Don't shame them, right? Encourage them to do better. Because if you get shamed, okay, now I'm going to try to hide this email that I clicked on from the IT group because man, they told me seven times in this training and they come down hard on me every time. I don't want that to happen to me next time, or I don't want to feel like my job is in potential danger, right? So, if I can hide it that I was the one who clicked on it, I'll be okay. No, encourage your employees to say, yeah, I did this by accident, right?

Bohle - 07:46:

No malicious intent on my part, but it happened. Go ahead and fix it quick so we're going to reduce the amount of potential downtime we lost or how much money like is going to ultimately affect us because in a production facility it's not just the monetary value of pay us so many bitcoins it's also product loss goes into this as well.

Kilger - 08:11:

Well yeah and the fact that you know it might compromise your customers as well, which is not a look that any business wants. It's just not good for anybody. What are some of the effective strategies and tools that you've come across that agribusinesses can kind of put into place themselves and help protect them from ransomware attacks?

Bohle - 08:33:

Yeah, so the first one is just employee training. Employees hate this, but your employees are your probably number one line of defense when it comes to protecting against ransomware, right? Training them in what good email practices are. How to identify potentially malicious emails that are coming through. Some of the last statistics that I have seen said that like 75 to 80 percent of all ransomware attacks come through that social engineering or phishing email type of avenue. So, if you can train and empower your employees to do better on identifying those things, that's probably the first relatively low-cost thing that small ag businesses can do. Beyond that, if you can get a good spam email filter that can kind of come in and identify some of these things and scrape a lot of the junk coming in right off the top and your employees never see it.

Bohle - 09:40:

That’s another good thing but that creates some additional overhead from either hiring an external company to implement and manage that in the long run or it creates the expertise that you must have in-house. So that's not necessarily always the best thing for small businesses that might be just a few employees that are very specialized in what they do and especially if you're already outsourcing your IT to another person as well. So, I would say those are probably two of the bigger things you can do. Beyond that, one of the other things that you can do is really rely on backups, implement your backups, test your backups, move them off site, right? And the backup part isn't necessarily a proactive type of response. It's more reactive, right? You rely on your backups when you've fallen victim to ransomware or to another attack, so that's where that's response.

Bohle - 10:41:

You talked about earlier how you clicked on phishing email and got locked out and had to go to your Dropbox to pull out old files, but luckily you had those Dropbox files, and you didn't have to go recreate something from scratch. Not going to name any names anywhere, but we have had Interstates customers come back to us and say, we lost things from a ransomware attack. Do you still have the program that you wrote for us? 10 years ago and sometimes by happenstance we still have those and still are able to find them and get the processing facility back up and running but man to rely on an external vendor that's just adding one more layer of complexity into the process. Do your backups, test your backups, make sure they're good and try to get them offline as well if possible.

Kilger - 11:33: Well yeah that's a good point because it's one thing if we lose old issue art and stuff like that, we keep but probably will never use again but to lose those programs, so you lose the things that make your business operate on a day-to-day basis is a disaster because who knows how long it’ll take to recover from that. What advice would you get If one of these agribusinesses are small, maybe you're a single location, and they might not have IT departments. Certainly not large IT departments. Are there good ways to get around that? Can they rely on third party vendors? What do you do in that situation?

Bohle - 12:08:

Yeah, so I would encourage those people to try to find a good third-party vendor who's willing to work with you, right? It's always an option to kind of get the big box vendors that you get their product and there's no customization, no working. You kind of turn into a number on their ledger in their books. Work with a controlled vendor who understands what's going on beyond just the IT space, understands the processing facilities that you have on the back end that's making you the money, and work with them. Figure out how you can essentially partner with them to get exactly what you need. At the price that you can afford it to rather than just saying this is the budget I have and oh too bad it's not enough for what we offer as a third-party vendor. Find somebody who's going to work with you and really make sure that you stay successful.

Kilger - 13:04:

It’s important. It's been important for a while, but with, you know, generative AI and all these other technologies, these attacks just seem like they're going to be more frequent, more sophisticated. And you should really be, have your employees on a training program and have some IT plans for when this happens to you. Because they're so frequent, it's hard to believe that no one in your team is ever going to fall for an email that has a mysterious link to it, right?

Bohle - 13:32:

Yeah, exactly. And we see it happen more and more often. It's scary how often it happens. Another option that some of these businesses have is looking into some sort of a cyber insurance. Cyber insurance is great for ransomware type of attacks. However, the things that come along with some of these cyber riders is showing that you have Put the effort in to securing your own environment, your kind of doing your own due diligence, so there is going to be some sort of back-end thing that you have to do within your own facility, and you can’t just rely on the insurance.

Kilger - 14:07:

I mean, if it does happen, I would think it's a good idea to have some kind of response prepared. Do you have, do you suggest a basic kind of ransomware response? If something happens, what should people do when that link or that attachment is clicked and it's on the system?

Bohle - 14:26:

 It’s really a case-by-case basis, but from a very general standpoint is making sure that you Limit the spread of the infection, right? So this can be done by either pulling a system offline, turning it off is an option. Some proactive things that can be done is limiting what systems can talk to each other by different network design and architecture. So, limiting your exposure is the first thing you can do.

But something else you can do moving forward is there's organizations like CISA that will come in and help clean up and help you do some investigation as to what is happening with your ransomware attack. I think there's things that kind of go along with agreeing to those assessments, but I think it's a lot better than, you know, trying to figure out some of those things on your own if you're not prepared or equipped to handle it.

Kilger - 15:26:

Yeah, for anyone out there who might be interested in this topic might want to know a little more about it. I hear you guys have a webinar coming up, how mailing operations can recover from ransomware attacks. Can you tell me a little bit about that?

Bohle - 15:40:

Yeah, so we're going to talk about What does a ransomware attack look like in a small ag business facility, right? Whether it's grain milling, whether it's different types of processing. What does that look like exactly? So, we kind of go from. The time it was clicked on by the employee, all the way through it propagating around the network, and then how do you take your proper response? How do you reach out and kind of go through the general step of re-getting your facility up and running and back to good again, I would say.

Kilger - 16:21:

I mean, I would encourage anyone to do it. We'll have a link to more information for that webinar in the description of the podcast. But it is June 11th. It's free to attend, I believe, so there's no real downside to going into it, huh?

Bohle - 16:34:

And we always love explaining how to help facilities, right? Obviously, we always want to help the facilities, but even beyond Interstates helping these organizations, right? We hate to see that line on the news about XYZ company falling victim to a ransomware attack or Some sort of a cyber-attack. It feels like we're seeing them more and more often through different media outlets, but we really want to see how we can help these companies get better at avoiding falling victim to cyber-attacks. Exactly. It's crazy how, at least at this point in time, cyber-attacks have evolved and how the criminals have gotten so much more organized and more sophisticated along their process.

Kilger - 17:24:

Yeah, because I mean, the game has changed when it comes to hackers. It’s not, you know, the movie representation of some guy trying to get by a firewall in another country. It’s just millions and millions of emails generated by AI sent to all of us all the time. Yeah, exactly. So, it's a good place to ask questions. Brandon, thank you so much for talking to me. If people want to know more about you or Interstates, where should they go?

Bohle - 17:53:

Yeah, our Interstates. com website talks about all the different services that we offer from cybersecurity to automation development to electrical engineering and design. So, we do everything from the ground up when it comes to the wires of a manufacturing processing facility. So, thanks for having me today, Steve and I really appreciate it.

Kilger - 18:17:

Happy too. Hope you can come again next time we have a big incident or something like that. Maybe you can be our expert in cybersecurity.

Bohle - 18:24:

Yeah, for sure, I'd love to.

Kilger - 18:25:

Awesome. Well, till next time, everyone stays safe out there and we'll see you soon.