Cybersecurity and cannabis may sound sound like two different worlds. In fact, cannabis operators might think no one would target an industry that does not even participate in the national banking system. Who’s going to know our passwords? Who’d hack a weed company? These are common reactions to cybersecurity, in all sectors.
APPLE INC.
-4.07
-2.67%
CONSTELLATION BRANDS, INC.
-3.69
-1.63%
TESLA, INC.
-10.94
-5.25%
AMAZON.COM, INC.
-2.62
-2.70%
Cybersecurity expert Brian Haugli told Benzinga in an exclusive interview that we’re all potential targets. Forget the evil nerd in a dark basement. That’s Hollywood. Most likely, if you’re in the cannabis industry, your hackers are likely part of global organizations that have turned hacking into a lean, mean money-making machine.
“Some people might say, who’s going to hack me? But cybersecurity goes way beyond protecting yourself from hacking,” said Haugli, who has worked for the US Defense Department.
Trending: Biden’s Walk In Kyiv ‘Worst Humiliation’ For Putin: Taleb
Must Read: When Japanese Police Warned That Kim Jong Un-Backed Hackers Were Behind Years Of Crypto Exploits
And they’re using a ‘shot-gun’ approach, meaning they are not hacking you because they dislike you, but rather, you’re an easy target. Through several ‘back-doors,’ they can infiltrate your WiFi, sweep your accounts, deviate payrolls and stop an entire facility until you pay a ransom.
“But cybersecurity goes way beyond protecting yourself from hacking,” Haugli told Haugli is also the founder and CEO of Sidechannel, a cybersecurity firm that works with cannabis companies of all sizes to help them adopt security policies and technologies that are already a standard for other industries.
Who Is Going To Hack Us?
He explained that cannabis companies are facing similar issues that industrial agriculture dealt with several years ago. “Agricultural companies understood that their filtration and irrigation systems, machines, and greenhouses, are all controlled by a corporate network and connected to the Internet,” Haugli said, adding that companies like Monsanto and others began addressing this situation years ago. Cannabis needs to catch up. “I’ve met a lot of folks in cannabis who have told me, ‘we have an I.T. provider.’ But they don’t have an I.T. team. And that’s where security steps in.
“Cannabis operators are starting to purchase systems, front-end, back-end, irrigation, lighting, etc. When they say, why me? Who’s going to hack us? They should ask themselves, ‘are we connected to the Internet?
“Everybody is taking orders, fulfilling requests, processing money online, making payments, and scheduling. Folks can worry about bad guys hacking them. But that’s not everybody. Sometimes you have malicious groups with a ‘shotgun approach,’ they spray-and-pray. They’re not targeting you, but they can hit you. They’re targeting your exposure,” Haugli said. “They can target you to either extort them through ransomware, data leakage, steal information, or just shut things down.”
From Russia With Love: An Industry Of Hacking
Haugli said many ransomware groups originated in the Eastern Bloc.
“Ex-KGB Stasi guys were able to hone in on kids coming out of great computer science colleges in Eastern Europe that couldn’t get jobs. We started seeing this, 20 years ago. Now you’ve got criminal syndicates operating with the blessing of Moscow. As long as they get a kickback, they’re allowed to operate.”
He noted that a variety of skill sets come into play and recommends that cannabis companies and executives stop thinking of hackers as unique individuals, rather, as mundane employees of offshore shell companies.
“These groups are running like businesses, they have H.R. and payroll, benefits, holidays, and shell companies structured around them so that they can operate. There are even quotas to meet!
“A lot of the stuff you need to run an IT infrastructure is the type of skill set you need to work with these criminal groups. They’re operating inside your Office 365 environment, and unless you understand very well how Microsoft works, you’re not going to be very good at infiltrating an email server to fraudulently move wire transfers of money to offshore accounts.”
Haugli said that like traditional agriculture, cannabis is at risk. “When you look under the hood, the cannabis industry is using the same systems and has the same vulnerabilities. Shutting down a plant for who knows how long, what is the cost of that?”
Countermeasures? Start By Training Your Staff
We often imagine cyber security solutions are technological and expensive. A data server the size of an SUV, licensed software, tons of processing capacity, a slick algorithm, or an extended network of edgy sensors.
In fact, there is a human angle that doesn’t necessarily require having the biggest gun in the room. Haugli says you need to work with your staff, which is why Sidechannel “focuses on the people who do the operations and are the largest attack surface.”
“There is standard employee training for every position, safety training, fire drills, CPR classes, and it makes a lot of sense to continue to do that around cybersecurity to protect your data and intellectual property, your brand, your reputation, and your company,” Haugli said, adding that training can take months but it’s essential.
Ctrl + Alt + Shift: Cybersecurity And Corporate Culture
Companies spent millions building cannabis brands, streamlining their supply chains, and patenting solutions, to drive costs down and efficiency up. All of that could vanish with a click from a hacker who could steal knowledge that took companies years and billions to gain.
He noted the importance of understanding that cybersecurity operates on a logical plane. “You can’t touch a database or intellectual property. It does not operate on a physical plane. But through training, you can get people to understand that.” Haugli added that hackers can cause more than capital loss but can also hurt workers.
“The last thing you want for a manufacturing operation is for someone to get injured. A change in a computer system, a machine spinning too fast or too slow, could hurt a person,” Haugli said.
Haugli noted that corporate espionage is sometimes overlooked by security frameworks designed for physical spaces. The web should be thought a tangible space, requiring a change in corporate and security mindsets.
“Companies have unscrupulous competitors, who are willing to take a shortcut to their success and steal ideas. We’ve seen the Chinese government do this to US companies. We’ve seen corporations do this to other corporations inside the US,” Haugli said.
“Companies are fine locking the front doors and hiring a security guard at their building, but sometimes they won’t patch or secure the computer systems or the cloud systems that hold their intellectual property. Nobody is going to physically steal the intellectual property of a cannabis company. It’s a lot easier to go through the system than through a wall.” Haugli cautioned.
“People need to look at where they are in the cannabis supply chain, whether they’re growing, distributing, manufacturing, or selling cannabis products, and take the steps to address different risks,” Haugli concluded.
Image Credits: Brian Haugli – lindsayfox on Pixabay and photo: Courtesy of Side Channel.
© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
SPONSORED
Retirement can be a difficult part of life to navigate, and a financial advisor can help. Finding a qualified financial advisor doesn’t have to be hard. SmartAsset’s free tool matches you with up to three financial advisors who serve your area, and you can interview your advisor matches at no cost to decide which one is right for you. If you’re ready to find an advisor who can help you achieve your financial goals, get started now.
This article EXCLUSIVE: Ex-KGB Cyber Criminals With Ties To Moscow Could Steal Your Cannabis Business Info & Money, Expert Warns originally appeared on Benzinga.com
.
Recent Comments