Cyber attacks are a significant business concern in countries worldwide, and all organisations must prioritise their cyber security postures. It’s clear the threat landscape is expanding too, and falling victim to industrial cyber crime can have dire consequences for an organisation. These include downtime, sensitive data loss or theft, network disruption and deteriorating reputation.
According to UK government research, 39% of businesses reported being hacked in the last 12 months. Ransomware attacks were considered the most significant cyber threats facing the UK last year, with the National Cyber Security Centre (NCSC) even suggesting ransomware attacks could be as harmful as cyber warfare and state-sponsored espionage incidents.
Indeed, no business is immune to experiencing a cyber security crisis, regardless of its size, location or industry. Rural businesses, however, face unique disadvantages compared to their urban counterparts. While all businesses struggle to keep the tide at bay, rural businesses tend to suffer from complacency, lack of a mature cyber security posture, and a lack of resources. These organisations, therefore, must build upon their knowledge and increase their cyber resiliency in order to keep threats at a minimum.
Rural businesses are just as likely to be attacked as their urban counterparts
According to the Department for Environment, Food & Rural Affairs (DEFRA), rural England played host to 549,000 registered businesses in 2020 and 2021, accounting for 23% of all organisations in the country. These businesses were responsible for employing 3.6 million employees. The same report also shows 14% of these are in the agriculture, forestry and fishing industries; this sector is vitally important – in 2020 alone, it contributed over £9 billion.
Although remote and seemingly out-of-reach, these rural organisations are very much still in the spotlight. They mostly tend to be small or medium-sized businesses (SMBs), so owners might feel they can fly under a cyber criminal’s radar. These businesses, however, are still very much a target. Both rural and urban businesses face similar cyber security challenges, even if small business owners may think otherwise. Common types of cyber attacks on SMBs of all stripes include ransomware attacks, phishing or whaling, database breaches, malware infections and fraudulent payment requests.
As Phillip Hummeau, CEO of open source collaborative cyber defence platform CrowdSec, suggests: “Rural communities face the same cyber security challenges as large cities, but lack sufficient resources to prevent and repair cyber attacks.”
What cyber security disadvantages do rural businesses face?
One significant cyber security disadvantage rural businesses face right now is the high cost of cyber insurance premiums. In 2021, 29% of SMBs in the UK ditched their plans to cut costs. Many SMBs don’t believe they’d be a major target of a cyber security attack, thus prompting them to accept the risk and cancel their insurance coverage.
Another disadvantage rural businesses grapple with is their inability to implement full-time cyber security. Eric Florence, a cyber security analyst with SecurityTech, was often hired by rural companies as a consultant because they never had the means to focus on cyber security. According to Florence, “hackers have known for years that rural databases are easy money in terms of security”.
It’s also common for rural companies to fall behind on security due to limited funding and a shortage in cyber security skills, alongside the use of outdated technology systems. Maintaining a strong cyber security posture is already a challenge for the most digitally mature organisations. Some of the factors used to measure a company’s digital maturity, include their technological capabilities, IT infrastructure, use of existing technology, digital integration, as well as employee training and skills development
Rural businesses that don’t have these foundational elements in place are considered the least digitally mature, putting themselves at a significant disadvantage and making them an easy, attractive target for cyber criminals.
Rural businesses around the world are targets
Cyber security issues in rural areas aren’t limited to businesses in the UK. The US government, for example, has issued several warnings to agricultural businesses regarding a measured increase in cyber attacks.
“These attacks have taken many different forms, from malware infections that can damage or destroy crops to more sophisticated attacks that aim to hijack irrigation systems and other vital farm equipment,” says Magda Lilia Chelly, chief information security officer (CISO) of Responsible Cyber.
Rural industries and businesses in Australia are also vulnerable. For instance, two high profile attacks include a 2020 malware attack that shut down New Zealand and Australian wool sales alongside a 2021 attack on JBS, a global meat processing giant.
Other cyber attacks in several countries have negatively impacted rural areas, meaning these cyber security threats are indeed prevalent globally. It seems security, especially in rural communities, will become a more pressing issue in the future
How can rural businesses approach cyber security?
Rural businesses in the agriculture, forestry and fishing sectors are using more digital technologies and automated agriculture equipment, particularly Internet of Things (IoT) devices, which will inevitably increase the attack surface.
Online accounting tools, email, digital payment solutions and the latest agricultural innovations, such as driverless tractors, automated milking machines and harvesting robots, can also increase a rural business’ cyber security exposure.
Thankfully, rural organisations don’t have to manage cyber security alone. According to Keiron Holyome, VP for BlackBerry in UKI, Middle East and Africa, “automated cyber security solutions that leverage AI can support businesses of all sizes to overcome cyber security challenges without blowing their budgets.”
Holyome also encourages rural businesses to work with a managed service provider (MSP) to deploy endpoint protection and a 24/7 externally monitored service known as extended detection and response (XDR). Rural organisations can use these measures to implement enterprise-level cyber security for a fraction of the cost.
What assistance could the UK government offer?
Rural organisations can access government resources to improve their cyber security posture. For example, NCSC offers a wealth of cyber security guidance and other helpful resources for UK farmers on its website.
The Northern Irish Department of Agriculture, Environment and Rural Affairs (DAERA), meanwhile, announced a cyber security course for farming businesses and their families in January. It was developed by the College of Agriculture, Food and Rural Enterprise (CAFRE) and is supported by the Northern Ireland Cyber Security Centre. Participants learn skills including:
- Benefits and risks of working online and using online services
- Protecting operating system (OS) and application software
- Keeping devices safe and secure
- Keeping data safe and secure while communicating, accessing information online and performing transactions
Leveraging these resources can be a starting point to help educate rural business owners and get them started on bolstering their cyber security outlay.