Andrew Rose (UK)

They need to get sort of, they need to be able to continue to produce and continue to move the produce around and get it to the right place. So they need to focus very much on resilience or rather, sorry, resilience rather than recovery. You can't be down for two weeks and then recover it and go, well, fine. That's two weeks of produce loss. Goodness only knows the impact that could have.

They need to get sort of, they need to be able to continue to produce and continue to move the produce around and get it to the right place. So they need to focus very much on resilience or rather, sorry, resilience rather than recovery. You can't be down for two weeks and then recover it and go, well, fine. That's two weeks of produce loss. Goodness only knows the impact that could have.

How you get around that is, well, I think you just have to look at all the normal controls that people focus on these days. So how am I going to prevent ransomware? How am I going to keep my network segregated and safe from different external threats? And if we do get a breach internally, how can I make sure that other aspects of my network are segregated away from that?

How you get around that is, well, I think you just have to look at all the normal controls that people focus on these days. So how am I going to prevent ransomware? How am I going to keep my network segregated and safe from different external threats? And if we do get a breach internally, how can I make sure that other aspects of my network are segregated away from that?

And finally, I think probably the key thing to think about is, how most of these attacks start, which is very much the space I'm passionate about right now, which is the human side of the risk. It's really interesting to look at enterprises and what they do is they seem to spend about 90% of their security budgets on technology.

And finally, I think probably the key thing to think about is, how most of these attacks start, which is very much the space I'm passionate about right now, which is the human side of the risk. It's really interesting to look at enterprises and what they do is they seem to spend about 90% of their security budgets on technology.

And yet when you look at the statistics, about 90% of the threat comes from people who will click on links, who will open attachments, who will do silly things, send information to the wrong place. So actually there's a real imbalance there. And normal large enterprises are still dealing with that themselves.

And yet when you look at the statistics, about 90% of the threat comes from people who will click on links, who will open attachments, who will do silly things, send information to the wrong place. So actually there's a real imbalance there. And normal large enterprises are still dealing with that themselves.

So I think as the agri-food industry starts to really get in and tackle cybersecurity, they need to think about this education and awareness to change the behavior of the people who are involved in the whole end-to-end process. Because that's where many of those vulnerabilities and those issues will begin, but they can be cut off with some good education and training.

So I think as the agri-food industry starts to really get in and tackle cybersecurity, they need to think about this education and awareness to change the behavior of the people who are involved in the whole end-to-end process. Because that's where many of those vulnerabilities and those issues will begin, but they can be cut off with some good education and training.

It's interesting to sort of have the analogy with air traffic, because in air traffic control, I didn't care about confidentiality one jot. And we all talk about cybersecurity being the triad of confidentiality, integrity, and availability. I didn't care about confidentiality. If we lost our HR database, sure, that was a rough day, but hey, it could be so much worse.

It's interesting to sort of have the analogy with air traffic, because in air traffic control, I didn't care about confidentiality one jot. And we all talk about cybersecurity being the triad of confidentiality, integrity, and availability. I didn't care about confidentiality. If we lost our HR database, sure, that was a rough day, but hey, it could be so much worse.

We had to focus entirely on integrity and availability of data so the air traffic controllers could do their job. And if that dot was on the screen, we knew that was exactly where that dot was. And they'd rather have no dot than an incorrect dot. So integrity was vital and availability was vital. I think those aspects actually are true with the agri-foods as well.

We had to focus entirely on integrity and availability of data so the air traffic controllers could do their job. And if that dot was on the screen, we knew that was exactly where that dot was. And they'd rather have no dot than an incorrect dot. So integrity was vital and availability was vital. I think those aspects actually are true with the agri-foods as well.

The confidentiality is not that much of a big deal, but the integrity of the data to prove the provenance of their foodstuffs and the availability of their systems to process it and bring it through from farm to fork is really key for them so that they're not just a normal cybersecurity journey. It's slightly different. It's much more critical national infrastructure thinking.

The confidentiality is not that much of a big deal, but the integrity of the data to prove the provenance of their foodstuffs and the availability of their systems to process it and bring it through from farm to fork is really key for them so that they're not just a normal cybersecurity journey. It's slightly different. It's much more critical national infrastructure thinking.

It's much more about safety level thinking.

It's much more about safety level thinking.

It is, and I think that chicken company I was talking about, they actually went through all of their processes and they worked it out that if they had no computers at all, they could still do it. They went back to the paper process. How would we do this with no technology? How could we know what we were doing? And I think that's a very wise thing to do.

It is, and I think that chicken company I was talking about, they actually went through all of their processes and they worked it out that if they had no computers at all, they could still do it. They went back to the paper process. How would we do this with no technology? How could we know what we were doing? And I think that's a very wise thing to do.