Nelson Zandbergen
Farmers Forum
OTTAWA — Farms remain dangerously underprepared for the escalating threat posed by online cyber criminals who are already raking in more money globally than the illegal drug trade.
According to Eugene Ng, cyber security leader at MNP, one of Canada’s largest business consulting firms, the agricultural sector is a sitting duck for these “threat actors,” yet the vast majority of farms lack the basic safeguards necessary to survive a modern digital assault.
The situation is detailed in MNP’s Cyber Security on the Farm 2025 Report, which warns that commonly deployed high-tech equipment on the farm comes with significant vulnerabilities. It’s an opening for the online scammers and fraudsters already inflicting enormous costs on the broader economy.
The worldwide cost of cybercrime last year was projected at U.S. $10.5 trillion, Ng said in an informational webinar hosted by the Ontario Federation of Agriculture. The inconceivably huge figure is four times the size of Canada’s economic output and exceeds the profits of the worldwide trade “of all major illegal drugs combined,” he said.
“Cybercrime is currently the greatest transfer of economic wealth in history. Just don’t make it yours,” Ng warned farmers on the call.
The MNP report highlights that 82 % of Canadian farmers believe they have never experienced a cyberattack and nearly 80 % lack a response plan if attacked. Cybersecurity experts argue this reflects a profound lack of awareness rather than an absence of risk, noting that many stealthy attacks, such as phishing or malware, often go undetected.
A malware attack involves the deceptive installation of malicious software on a computer or device to render systems inoperable or inaccessible until a ransom is paid. The malware often gets into a system when the user is tricked into clicking an illegitimate link.
Phishing involves a ‘social engineering’ technique where scammers use fraudulent communications, such as sophisticated email lures, AI-generated messages or fake websites, to trick individuals into clicking malicious links or revealing sensitive credentials. Often, the end game is to gain access and control over a business email account, which is then used to send out fake invoices to that business’s customers. In cybersecurity lingo, this maneuver is also known as a Business Email Compromise (BEC).
Victims rarely tell the authorities that they’ve been scammed. According to Ng, fewer than 5 to 10 % of all cyber incidents are actually reported to the Canadian Anti-Fraud Centre (CAFC). This means that while official records show hundreds of millions in losses in Canada, the true economic impact on Canadians is estimated to be closer to $15 billion annually.
Artificial intelligence is supercharging the phenomenon, by empowering cybercriminals to craft highly sophisticated, targeted attacks that exploit human trust.
AI now makes it possible for a scammer anywhere in the world to craft a properly written and spelled email in English or any language, once they control a local business owner’s email account. Long gone are the weird, unpolished messages of correspondents sitting somewhere in the Third World.
In one Eastern Ontario case, an agribusiness lost $40,000 when the company bookkeeper received emailed instructions from what seemed to be their employer to transfer funds, but it was actually scammers behind the message from the compromised account, according to IT company operator and cyber security expert Jim Cooper of Embrun.
The best first step to protect yourself is for you and your staff to never open an email attachment or link that you don’t recognize. Then be sure that all your email accounts have two-factor authentication. Also, change all default passwords on every piece of Wi-fi connected equipment on the farm.
Ng warned that fraudsters are using real-time video “deepfake” AI technology to convincingly impersonate company bosses on screen, complete with digital filters that change their faces. A Hong Kong company lost $25 million in 2024 after an employee was fooled into transferring funds because of fake colleagues who communicated by video chat.
More mundanely, Ng demonstrated that AI has made it easy to clone entire websites, complete with surreptitious links for phishing purposes. Often, the site will rely on what appears to be the standard benign “I am not a robot” pre-check, but with added instructions that, if followed, execute malicious code on the user’s computer. This exploit is known as “ClickFix.”
Looking forward, the digital landscape is poised for further disruption as AI improves and quantum computing goes mainstream. Quantum computing technology will be able to break standard encryption safeguards within the next five to seven years, he predicted.
Experts agree that immediate, practical steps are required to manage risk on the farm.
Start by conducting an inventory of all digital systems and data. You cannot protect what you do not know you have. Check every last piece of Internet-connected technology on your network — from robots to routers to precision-ag electronics — to ensure that passwords aren’t still stuck on the manufacturers’ default. The crooks can get those default passwords and use them to gain access to your systems if custom passwords haven’t been set up.
Exercise skepticism: Don’t open an email attachment you are not certain is legitimate. If you receive an unexpected request for information or payment, verify it through an alternate, trusted channel rather than clicking the link. Do not reply to the suspect email even if it comes from a familiar contact.
Keep personal devices, which are often at higher risk due to web browsing and email, separate from the production network that controls critical farm equipment. Ng goes even further, suggesting he would not use a cellphone made by China’s Huawei.
Use multi-factor authentication (MFA) for all financial and sensitive accounts, and maintain regular, offline backups.
Cyber Insurance: While only about 10 % of small-to-medium businesses currently hold standalone cyber insurance, it is a crucial risk management tool. However, Jim Cooper warns that 90 to 95 % of claims are denied because businesses fail to maintain the security standards required by their policy.
Cooper echoed the necessity of moving past the “ostrich syndrome” of keeping one’s head in the sand. “Just because you’re a farmer in rural Ontario, you’re still a target,” he emphasized. “If you’re on the Internet and you’re sending email, you’re a target.”
Click Here For The Original Source.
