The Perfect Pairing – Wineries and Cybersecurity

Wineries are prime targets for cybercriminals, who can cork your whole business.

Key Takeaways:

• It’s no secret that cybercrime is on the rise, and wineries may be easy targets if they lack sufficient cybersecurity.
• In 2021, 61% of small and medium-sized businesses were attacked.
• The average cost of these data breaches was $3 million per incident.
• Sadly, 60% of small businesses go under within six months of a cyberattack, and if they stay open, 25% will lose business because of the damage to their reputation.
• Cybersecurity is a world of complexity and constant evolution. Protecting your winery requires professional help. 

The number of cyberattacks is increasing every day, and bad actors are using techniques old and new to hack into networks and steal valuable data. As someone in the world of viticulture, you probably think there’s nothing there to steal, and sophisticated cybersecurity isn’t needed. Unfortunately, whether you have a small family-owned winery or a large-scale operation, leaving cybersecurity to chance could put you out of business.

This isn’t a new problem.  In 2020, Brown-Forman was targeted by ransomware operators, who informed the company that they spent quite a bit of time perusing their user services and their general architecture, as well as their cloud data storage. 

Brown-Forman,  had enough cybersecurity in place to keep their data from being encrypted, but not enough to prevent or catch the attack: the hackers had access for over a month before making their presence known. The risks of a data breach keep rising. In 2021, 4,100 data breaches exposed about 22 billion records, and that number was expected to increase to 33 billion records in 2023. Let’s look at the cybersecurity risks for wineries and how to protect yourself.

Why would cybercriminals target a winery?

It may seem unlikely that a winery would be vulnerable to cyberattacks. After all, you’re hardly holding state secrets or the plans for a new weapon system. You probably have proprietary information stored on your network, but that isn’t a very appealing target. But do you know what is? All your customer and employee information.

This information is valuable because it contains things such as social security numbers, credit card information, full names, dates of birth, and other personally identifiable information, all of which can be used for identity theft.

Hackers then sell the information on the black market via the dark web. And in case you were wondering, your company’s financial information is useful, too. But don’t panic. Here, we’ll explore the most common cyberattack methods, how to protect yourself, and why you might want to turn to an expert for help since your focus is wine, and it’s important to keep it there.

Common methods of cyberattack in wineries

Hackers are clever, and they’re kind of like cockroaches. They evolve, and cybersecurity has to evolve right along with them. This requires blocking bad actors from every direction, which involves technology and people. You’ll see why as we cover the most common means of attack.

Phishing

Phishing dupes its targets by contacting them via email (most common), telephone, or text and pretending to be a legitimate organization. They then trick the person into providing personally identifiable information, banking details, credit card numbers, passwords…you name it.

Phishing emails fool people by using these common methods:

• Lucrative offers that are too good to be true. We’ve all seen these in our inboxes or spam folder. “You’ve won a new iPad!” they proclaim. But of course, you haven’t, and if you click on the link, instead of a fancy prize, you’ll be the unlucky recipient of some malware.
• Act now…or else! These emails present an offer that’s too good to turn down, but you have to move fast. Another fun tactic is for bad actors to pretend to be your bank, credit card company, or anyone you deal with that has your personal information (even a streaming service). They tell you that unless you take immediate action to update your personal details, your account will be suspended. 
• Click the hyperlink. This is another fun game. A link embedded in an email looks legit until you look at it closely. If you don’t look at it closely and click it, all sorts of bad things can happen. Often these links look okay – until you notice that Wells Fargo is spelled Wellls Fargo.
• Open the attachment. Attachments from people you don’t know, or those you aren’t expecting, should never be opened. Opening them will release ransomware, viruses, or another plague upon your network.

There are other methods of phishing to be aware of, such as spear phishing and whaling, but these basic types of phishing are the ones we see most often that reel in the unsuspecting. 

Ransomware

Ransomware has become one of the most common ways for hackers to make a living. They use malicious software (sometimes through phishing emails) to gain access to your network. Then, they encrypt your data, which makes it impossible for your staff to access mission-critical data or even conduct business as usual until you pay up. 

But paying the ransom doesn’t mean you’ll get all or any of your data back. About 32% of ransomware victims pay the ransom but get a mere 65% of their data back. And because most companies have a laissez-faire attitude about backups, only 57% of businesses who have suffered a ransomware attack successfully recover their data using them. 

Direct breaches

Direct breaches happen when your company stores all or most of its business data on unencrypted computers – laptops, desktops, and mobile devices and the device is compromised. As an example, if you have a wine club and your membership database is on a company computer that gets stolen or lost,  all the hacker has to do is fire up the device, and there’s all the bank information, membership information, and customer information. 

It's all scary, but it’s also mostly preventable. As you can see, cybersecurity requires a multi-prong approach. Technology has to meet human beings in a place of constant vigilance. So what needs to happen? Read on. 

Protecting your winery against a cyberattack

Robust cybersecurity that offers real protection is complicated. Bad actors become more sophisticated all the time. Cybersecurity professionals spend a lot of time lurking among them, learning about the next big thing in the world of cybercrime and then devising ways to thwart it. 

If you have an IT person or team, they’re generalists, which is great for keeping things humming along day to day, but cybersecurity is an entirely different discipline. Hiring a cybersecurity expert would cost you in the low-to-mid six figures. Do you have an extra $150k to toss around?  

Your best bet is to hire an IT-managed services company that has cybersecurity experts on their team because this is what’s involved:

• Employee training. Your staff is your first line of defense and must be educated and trained on how to recognize threats and what to do. They also need to know what actions to take if they do the wrong thing.
• Penetration testing. Before you can implement cybersecurity, you have to know where your vulnerabilities lie. Network penetration testing requires what is known as “ethical hacking” to ferret out these weaknesses.
• Vendor due diligence. You likely rely on another company to administer things like your wine club. How is their cybersecurity? Continual due diligence must be performed – request and review third-party reports on security audits, such as SOC2 or ROC.
• Continuous monitoring. You’re a viticulture expert, not an IT professional, and cybercriminals are betting you’re not noticing those system anomalies or weird network behavior. The lack of continuous monitoring opens the door and provides the opportunity for attacks.
• Response planning. You’re the victim of a cyberattack. What do you do? If you think you won’t get hit:
  
  • Small businesses, because of their lack of attention to cybersecurity, are the targets of 43% of data breaches
  • Last year, 61% of small and medium-sized businesses were attacked
  • Companies with fewer than 500 employees spent an average of $3 million per breach incident

On top of all that, 60% of small businesses close their doors within six months of a cyberattack, and if they stay open, 25% will lose business. That’s because of the reputational damage created by a data breach. Your reputation is something you can’t put a price on – it means everything. 

You can’t do everything needed to protect your business from cyberattacks – you have a winery to run. And sending an IT person to a one-week course isn’t going to work. You need professional help from an IT cybersecurity consultant. After all, you wouldn’t want cybercriminals to cause your business to wither on the vine. 

The simplest, most cost-effective protection comes from professionals. At Endsight, we’re industry leaders in cybersecurity. Year after year, we’ve won a CRN Managed Service Provider 500 award in the Security 100 category. 

We offer complete cybersecurity protection and a variety of plans. We’re your complete technology support solution to create optimal IT management and human-friendly technical support for wineries throughout California. 

It’s a cyber-sophisticated world, and that requires cyber expertise. Endsight’s core values not only bring peace of mind regarding data protection but also offer an honest partnership, commitment to your long-term success, and unparalleled, dependable service. Reach out today.

See what Endsight can do for your winery’s cybersecurity – contact us today.