The Food and Ag-ISAC has released its updated Cybersecurity Guide for Small and Medium-Sized Enterprises, incorporating findings from the latest Food and Ag Cyber Threat Report. The guide revises previous recommendations and introduces new, practical steps to help businesses improve their cyber defenses. The twelve security practices recognize that organizations are not fully immune to cyber threats, but many of the practices outlined can meaningfully reduce risk, oftentimes at little to no cost. Small, affordable adjustments to cybersecurity protocols can make a significant difference in preventing incidents.
Adopting these measures can lower the chances of a successful attack and boost the organization’s resilience and recovery capabilities. While they don’t offer absolute protection, they help to significantly strengthen an enterprise’s ability to withstand and respond to cyber incidents.
“Nearly 70% of adversaries use stealth and persistence to evade detection, leaving many small and medium-sized businesses vulnerable,” Jonathan Braley, director of the Food and Ag-ISAC, wrote in an emailed statement. “Cyber threats don’t discriminate by company size, and neither should cybersecurity preparedness. When small businesses secure themselves, the whole food and ag sector becomes stronger together.”
The cybersecurity guide identified that security awareness training is a critical first step in protecting organizations across the food and agriculture sector. Employees often serve as the first line of defense, and giving them the knowledge to recognize and respond to suspicious activity can prevent incidents before they happen. Human error is a factor in about 68 percent of security breaches, but this risk can be reduced significantly with proper education.
Training programs vary by organization but usually include guidance on password security, data privacy, and phishing threats. These efforts can lower the risk of a breach by as much as 30 percent. Ongoing education, regular testing, and periodic refreshers are essential to keeping staff prepared.
While all sectors benefit from employee training, food and agriculture organizations are especially vulnerable to social engineering attacks. Establishing a strong training program is one of the most effective and accessible ways to strengthen their cybersecurity posture.
Phishing remains one of the most common and effective methods cybercriminals use to infiltrate organizations, despite the rise of more advanced attack techniques. The cybersecurity guide disclosed that over 90 percent of successful cyberattacks start with phishing, making it a persistent threat across sectors. In food and agriculture, it ranks as the second most common tactic.
Attackers often craft emails with urgent messages or impersonate well-known companies to prompt recipients to click on malicious links or attachments. These actions can lead to malware infections and data breaches. In some cases, phishing attempts appear to come from trusted colleagues or partners, a technique known as business email compromise. Verifying unexpected requests through a separate communication channel is critical to prevent falling victim to these schemes.
Software vulnerabilities are common across IT systems and manufacturing equipment used throughout the food and agriculture supply chain. Even well-secured applications can introduce new bugs during updates, creating opportunities for cybercriminals to exploit systems.
Keeping software, firmware, and drivers up to date is essential for maintaining a strong security posture. Organizations should monitor for updates from vendors and apply patches as soon as they become available. Enabling automatic updates can help ensure timely protection. If a patch is delayed, it is important to follow vendor guidance for temporary safeguards or disconnect affected systems until a fix is released.
The Food and Ag-ISAC cybersecurity guide lists multi-factor authentication as a critical layer of defense that significantly improves account security. While strong, securely stored passwords are important, they are no longer sufficient on their own. Many breaches occur because passwords are weak, reused, or stored in unsecured places.
MFA requires at least two forms of verification, such as a password and a mobile device, making unauthorized access much harder. Even if a password is compromised, an attacker would still need access to a second factor, like a phone or authentication app. Application-based MFA provides stronger protection than SMS-based options. Cybercriminals often look for easy targets. By enabling MFA, organizations in the food and agriculture sector can make systems more resistant to attacks at minimal cost and effort.
It also prescribed remote monitoring and management tools that help businesses oversee IT systems, but also pose serious risks. Cybercriminals have exploited RMM to gain unauthorized access and launch attacks, prompting warnings from federal agencies. To reduce exposure, organizations should use multi-factor authentication, apply patches promptly, enforce strong passwords, audit access controls, and require VPN use during travel. Proper safeguards are essential to prevent misuse of these tools.
The cybersecurity guide also calls for limiting which applications can run on company devices, which reduces the risk of malware infections. Application allowlisting blocks all software by default and only permits those specifically approved by administrators. This approach helps prevent the accidental installation of harmful programs. Allowlisting supports a zero-trust security model, which assumes no request is safe without verification. Despite its effectiveness, adoption remains low, with only about a third of organizations using it. Applying this method is a strong defense against malicious activity.
Furthermore, it noted that system failures and cyber attacks are inevitable, making data backups essential for rapid recovery. The effectiveness of a response depends on how well data is backed up, where it is stored, and how quickly it can be restored.
Offline backups are recommended because they are not connected to the internet and are protected from hacking, ransomware, and corruption. In time-sensitive sectors like food and agriculture, prolonged downtime can cause major disruptions and financial loss. Regular, secure, and tested backups are critical to maintaining operations.
Food and agriculture organizations should identify and prioritize the most critical data, choose suitable backup methods, and store backups in multiple locations. On-premise and cloud solutions both offer benefits, but offline storage remains the most secure. Backup schedules should reflect how frequently data changes, and all backups should be protected from tampering. Recovery procedures must be tested regularly to ensure backups can be restored quickly when needed.
Data encryption is a powerful defense that renders stolen information useless to attackers. By securing data both at rest and in transit, encryption helps protect sensitive assets even if devices are lost or systems are breached. Encrypted data cannot be accessed without the correct decryption key, making it difficult for attackers to extract value. This reduces the impact of breaches and can prevent ransom demands from being effective.
For organizations in the food and agriculture sector, encryption helps safeguard critical business information, including partner, supplier, and customer data, supporting overall resilience and trust across the supply chain.
The Food and Ag-ISAC cybersecurity guide recognized that account auditing and continuous monitoring play a key role in detecting threats early and supporting incident response. Auditing helps identify unauthorized access, failed login attempts, policy violations, and unusual account behavior. Monitoring provides visibility into user activity, data transfers, and system operations across networks, cloud environments, and endpoints.
Together, these practices help uncover dormant, abandoned, or compromised accounts that could be exploited. In sectors like food and agriculture, where many systems are network-connected, monitoring and auditing are essential to minimize operational disruptions caused by insider threats or account takeovers.
It also identified that sharing threat intelligence with peers, partners, and employees is an important strategy for strengthening cybersecurity defenses. It helps uncover irregularities, vulnerabilities, and active threats sooner, allowing for faster response and better preparation. No single organization has full visibility into the evolving threat landscape. By exchanging information on tactics, techniques, motivations, and other relevant insights, organizations gain critical context to adjust defenses effectively.
In sectors like food and agriculture, where cyber threats can disrupt vital operations, collaboration and open communication are essential. Collective awareness builds resilience and helps protect entire ecosystems.
The Food and Ag-ISAC guide noted that an incident response plan is essential for managing and recovering from cybersecurity events. It outlines roles, responsibilities, and procedures to reduce confusion during a crisis and helps restore operations quickly.
Documenting the plan is only the beginning. Regular testing is critical to identify gaps, improve effectiveness, and ensure teams are prepared. Annual testing is a baseline, but more frequent exercises can lead to faster, more efficient responses. A well-practiced plan helps limit damage, protect reputations, and maintain business continuity.
The Food and Ag-ISAC guide identified that applying the principle of least privilege and role-based access control limits access to only what is necessary for a specific role, reducing the chance of insider threats and minimizing potential damage. These controls are especially important in industries like food and agriculture, where staff turnover is frequent and various technologies require different access levels.
Successful implementation involves identifying all accounts and systems, assigning appropriate access based on job duties, and avoiding broad permissions. Regular access reviews and immediate offboarding of former employees are critical to maintaining security and preventing unauthorized access.
In conclusion, the guide mentioned that building and maintaining a strong cybersecurity posture is essential for organizations in the food and agriculture industry. “For small and medium-sized businesses, protecting digital assets, operational systems, and sensitive data is vital to maintaining trust with key customers and partners and safeguarding the integrity of the supply chain.
The Food and Ag-ISAC guide also pointed out that as “cyber threats continue to evolve, your defenses must as well. Implementing the above mitigations can help companies significantly reduce their risk of attack and improve their resilience without needing to invest an exorbitant amount of money or resources. On the contrary, these relatively small changes pay big dividends in protecting your information, leading to saved time and capital in the process.”
Clearly, “cyber defense is an ongoing process, but every effort helps to make your organization and the sector a safer place for all.”
