Cybersecurity for the Agriculture sector
In recent years, Hunt & Hackett has observed a significant rise in activity by Advanced Persistent Threat (APT) groups targeting the agricultural sector. This surge coincides with the Netherlands’ prominent role in global agriculture—an inspiring example of innovation shaping the future of farming. Dutch agriculture, driven by cutting-edge precision techniques and world-class research, has propelled the country to the position of the second-largest agricultural exporter globally, just behind the United States. This unparalleled success has not gone unnoticed. As the Netherlands leads in agricultural R&D and innovation, it has also become a prime target for nations and threat actors seeking to exploit its intellectual property, technologies, and breakthroughs.
How can you address this growing threat?
A well-known adage offers a timeless strategy: “Know thy enemy and know thyself; in a hundred battles, you will never be defeated.” Understanding your adversaries begins with gaining insight into the threat landscape—their intentions, methods, and specific tactics. The sections below provide an overview of the agriculture-specific threat landscape, shedding light on the current risks and challenges. We also outline our approach to defending against these threats, empowering organizations to safeguard their innovations. For deeper insights, explore our blog series linked at the bottom of this page, which delves further into the evolving agricultural threat landscape.
Threat landscape
For the agriculture industry
Advanced Persistent Threats (APTs)
Tactics, Techniques & Procedures (TTPs)
Attack tools
| Agriculture | Agriculture + related | Broader focus | All known | |
|---|---|---|---|---|
| APTs | 105 | 150 | 505 | 801 |
| TTPs | 1,794 | 2,520 | 3,524 | 4,112 |
| Attack tools | 1,580 | 2,139 | 3,022 | 3,666 |
Agriculture faces more cyber threats than ever
To stay in control becomes increasingly difficult
Our proprietary threat diagnostics system shows an increase in malicious activity targeting the agriculture sector in recent years. As the industry embraces data & innovation—integrating IoT devices, senors, and robotics to tackle global food challenges—the attack surface has expanded significantly. This rapid digitization has made the agriculture sector an attractive target for cyber espionage and information theft.
Compounding this risk, the agriculture sector operates on razor-thin profit margins and strict production timelines due to the perishability of fresh goods. This creates a fragile supply chain - one that ransomware operators readily exploit. The urgency of food production pressures organizations into rapid decision-making, making them more likely to pay ransoms to restore operations quickly.
Because of these factors, nation state actors and financially motivated cyber-criminals alike view organizations in the agriculture sector as high-value targets. If you operate in agriculture, the risks of cyber-attacks are escalating, especially if the appropriate defenses are not in place.
Actor overview
The most active attack groups targeting the agriculture sector are shown in the dynamic chart highlighting the relationships between the various threat actors, their motivations, and their country of origin. The long list of origin countries highlights just how many nations have APT groups focused on agriculture.
Knowing the key APT (Advanced Persistent Threat) groups, their motivations, and origin countries provides a foundation for understanding the risks specific to agriculture. To get a more comprehensive understanding of the threat landscape, it is important to research, map, and document your adversaries’ intentions to their modus operandi, attack methods and attack tools, as this provides more actionable information for strengthening your defenses.
How it works
Threat landscape for the agriculture sector
Attacks in the agriculture sector
Look down! Look out! Look up!
Although cyberattacks in the agriculture sector are happening with greater frequency, the sector being the 7th most targeted one by 2024,[1] and attacks often have serious consequences, they rarely make front-page news unless a breach directly impacts food availability. This section provides a brief overview of some of the most significant cyber incidents within the industry. However, it’s important to bear in mind that this represents only a fraction of the cyber activity actually taking place in this sector. One noteworthy incident per year has been selected to illustrate the potential scope and severity of such attacks, but the true scale of the issue is far broader and largely under-reported.
January 1, 2022
16:00 PM
Vital Bircher
2024
In 2024, Swiss farmer Vital Bircher experienced the severe impact of a ransomware attack that disabled his farm's computerized milking system, cutting off essential animal health data. Without this information, the farmer was unable to monitor his herd's vitals, which led to the death of a pregnant cow and her unborn calf. The ransom demand of $10,000 went unpaid, leaving Bircher with losses estimated at 6,000 Swiss francs (around $6,880) for veterinary costs and a new computer.[2] While the immediate costs and impact of this attack might seem relatively minor—with “only” a few thousand dollars in damages and “only” two animals lost, without affecting the food supply—this incident starkly illustrates that the cyber world is far from separate from the physical world. The actions of a ransomware group, or even a single financially motivated individual, can directly result in the death of farm animals. This attack showcases the dangers of smart farming – and expanding this scenario to a larger scale is merely a matter of time, not capability.
January 1, 2022
16:00 PM
Dole
2023
In early 2023, produce giant Dole faced a significant disruption when a ransomware cyberattack forced the temporary shutdown of production plants in North America, halting food shipments to grocery stores. This cyberattack, confirmed as ransomware by Dole, was first disclosed in memo from Dole's Senior VP at the Fresh Vegetables division, which indicated that the company had taken immediate steps to contain the breach by shutting down systems across North America. The shutdown affected Dole salad kits in grocery stores, leaving customers across the country with bare shelves and prompting stores to share information about the attack with shoppers.[3]
January 1, 2022
16:00 PM
HP Hood Dairy
2022
In 2022, Massachusetts-based HP Hood Dairy experienced a cyberattack that forced the temporary closure of 13 dairy plants and disrupted milk deliveries to customers, including school districts in New Hampshire. While details about the attack remain limited, some experts speculate it was likely ransomware, though no public confirmation has been made.[4]
January 1, 2022
16:00 PM
JBS Attack
2021
In May 2021, JBS, a leading global meat supplier from Brazil, fell victim to a cyberattack suspected to be orchestrated by the Russia-based group REvil. The attack forced JBS to shut down several large meat processing plants in the U.S., Canada, and Australia, leading to concerns over meat supply disruptions and price increases. In response, JBS took precautionary steps by suspending IT operations across North America and Australia to contain the threat, though its backup systems remained unaffected. In a bid to secure its operations and prevent further harm, JBS made an $11 million ransom payment in Bitcoin.[5] Although JBS reported that no employee or customer data had been compromised, the event underscored the rising threat of ransomware attacks on critical infrastructure, following the Colonial Pipeline attack a month prior.[6]
Key Trends
For the agriculture sector
The agriculture sector is undergoing a rapid transformation driven by smart farming technologies, including IoT devices, sensors, robotics, and autonomous vehicles. These innovations increase precision, efficiency and yield, but also introduce new risks. The interconnected systems at the heart of smart farming are inherently vulnerable to cyberattacks, making cybersecurity an urgent, yet often overlooked, concern. Traditionally a low-tech industry, agriculture faces challenges in developing the technical expertise and organizational readiness needed to keep pace with such rapid digitalization.[7]
However, the challenges faced by food producers are not limited to cybersecurity. Farmers are grappling with new environmental requirements and financial pressures, forcing them to balance innovation with sustainability. Adding to this, agriculture’s vital role in global food supply chains has made it a strategic target in geopolitical conflicts. APT groups increasingly view disruptions to food production as a tool for economic and political leverage, exposing food producers to increasingly sophisticated attacks. The section below outlines the key trends shaping cybersecurity for the agriculture sector.
Resource constraints and under-funding in the agriculture sector
Despite significant investments in smart farming technologies over the last decade, cybersecurity funding within the agriculture sector remains markedly insufficient. Unlike other critical infrastructure sectors—such as energy, nuclear, and healthcare—the agri-food industry receives a fraction of the cybersecurity funding needed to protect the sector as it experiences rapid digitalization.
This leaves food producers to bear the (sizable) cost of implementing sufficient security measures. Farmers, processors, and distributors have already invested heavily in smart technologies to increase efficiency and output. Now, they face the added burden of high cybersecurity costs to protect these new systems—costs that can be prohibitively expensive, particularly for smaller businesses operating with narrow profit margins.[8]
Low organizational and technological readiness
The agriculture sector faces a dual challenge of limited cybersecurity awareness and a workforce skewed towards an older demographic. With the average age of farm managers rising, there is the potential for an information barrier to emerge regarding cybersecurity practices, hampering future implementation of the appropriate security measures.
In addition, many smart farming devices were developed before cyberattacks targeting critical infrastructure were commonplace, and therefore were not developed with security in mind. Additionally, a recent review found that many smart farming devices are still in the prototype or early development stages, despite being used widely. As these technologies advance, the potential for vulnerabilities only increases, necessitating research and risk assessment to ensure safe deployment in agricultural environments.[9]
Food availability as a weapon of war
In recent years, food production has been used as a geopolitical target in global conflicts. A notable example occurred during the early stages of the Russia-Ukraine war, when Russian APT Sandworm targeted a Ukrainian agricultural firm with file-encrypting malware. Microsoft assessed that this attack likely aimed to disrupt Ukraine’s grain production—a critical component of the nation’s economy and a major export commodity.[10]
The Netherlands as a strategic target
The Netherlands, recognized for its innovative agricultural practices and significant contributions to global food production, has increasingly become a target for cyber-attacks. As pioneers in sustainable farming practices, Dutch organizations hold the keys to valuable intellectual property and technological advancements. This makes them prime targets for IP theft, data breaches and espionage. China, Russia, North Korea and Iran are among the countries who have targeted Dutch companies in the agriculture sector.[11]
How to defend yourself?
Threat model approach
To defend against this threat landscape, it is equally important to gain critical insights into the current resilience level of your organization. To understand thyself it is useful to let (third-party) security specialists assess your defenses and simulate meaningful attacks. When done right, such an approach provides critical insights into the resilience level of the organization against its threat landscape. Hunt & Hackett use its proprietary threat modelling-based approach with its clients in the agriculture sector to provide meaningful insights as well as tailored solutions for the strategical, tactical, and operational aspects of their cybersecurity program.
More detailed information on the threat landscape for this sector?
Already a member? Login here
Our approach
Controlling your cybersecurity risks
In their fight against cyber attacks, our customers typically go through several stages of maturity. By ramping up their prevention, detection and incident readiness over time – and optimizing this for their actual threat landscape – they reach a point where they have developed solid resilience against targeted attacks, with only highly controlled and accepted risks remaining.
There is no simple 'fix' to become resilient against the sophisticated cyber threats of today. Without serious resources or processes for systematic security activities, protection against modern cyber threats like ransomware is just a wish. Hunt & Hackett has developed a unique threat- and sector-driven approach to cybersecurity, enabling you to work from your current situation to a highly improved and controlled situation, optimized for your specific threat landscape and context as an organisation.
STAGE 1: Unknown risk
Pre-monitoring
-
STAGE 2: Reduced risk
Post-monitoring
-
Detection & response controls
Resilience against non-targeted attacks
STAGE 3: Controlled risk
Implemented roadmap
-
Resilience against non-targeted and semi-targeted attacks
STAGE 4: Highly controlled risk
Targeted attack resilience
-
Our services
Optimized for the agriculture industry
Because we use your actual threat landscape and your sector as our starting points, our services are optimised for your specific context and needs.
Managed Detection & Response (MDR)
We detect & react to attacker activity in your environment, minimizing the impact on your business.
Security Program Gap Assessment (SPGA)
We assess your current security program, threat landscape, security controls and risk.
Incident Response (IR)
We help you manage a cyber crisis and contain security incidents, breaches and cyber threats.
Breach & Attack Simulation (BAS)
We validate your security choices by simulating attacks.
Our articles about the agriculture sector
From Hunt & Hackett experts
06Jun
Cyber risks in agriculture: A guide for business leaders
27Jun
Spear Phishing: How it works and why you should care
19Jan
De dreigingen, oplossingen & ervaringen in de land- en tuinbouwsector
02Aug
The SolarWinds attack: A contrarian view and lessons learned
26Aug
Agriculture in the crosshairs of nation-state sponsored hackers
Learn more about our threat research?
