Canadian farms are seeing their internet-connected systems compromised more than ever, according to an expert.

“We have professional hacking teams that are specialized in targeting our food industry. In 2025 we had 43 cases, and this year so far, we already had 26 which means probably by the end of the year, more cases than last year,” Ali Dehghantanha, professor and director of the Cyber Science Lab at the University of Guelph told FoodNX in an interview.

“We only have those who have been impacted in close proximity to Guelph, so this is quite a major issue.”

For some farmers, why they are being targeted is causing some confusion but for Dehghantanha, it’s easy to see why.

“I am hearing from them, ‘Why does somebody want to attack me, a small farmer in Southern Ontario?’ They don’t understand that the attackers are not working based on geographical location, they work based on IP (internet protocol) addresses, and if they find a weak or vulnerable system, they will attack.” he said.

Agriculture sector being ‘targeted’

This trend should be concerning to governments, he explained.

“I have communicated this several times to the decision-makers and policy-makers, that in my opinion, currently ag food is the soft belly of IT cybersecurity; soft belly of cybersecurity physical infrastructure, which means all other critical infrastructure: transport, healthcare, even education, are now having much better standards for cybersecurity and much higher level of maturity compared with the ag food sector, so the main reason that this sector is targeted is because of that.”

This issue really came to the forefront in 2023, according to Dehghantanha, when he was contacted by a dairy farmer who discovered he had ransomware installed.

“The same hacking group attacked another dairy farm in April that we helped with. Then they attacked a dairy farm in France. Then they attacked in 2024 a dairy farm in Switzerland, so they are actively looking for targets, and they have already specialized themselves, so they clearly know what to do the moment they get to a dairy farm or a chicken farm.”

Generally, these groups look for anything on the farmer’s computer system that would be valuable to steal, such as personally identifiable information (PII), and they try to create a back door to be able to access the system again.

Finally, the system is affected with a locking ransomware, and a money exchange is demanded, he explained.

Good part of overall risk assessment

While this knowledge seems to be lacking for some in the agriculture industry, the farmers themselves are ripe to respond and adapt.

“Based on my experience, farmers are among the very few groups in society that naturally are aware of risk, and they are controlling many risks already, like the climate risk. What they don’t know is how to incorporate cybersecurity among those risks.”

Criminals have targeted a wide range of internet-enabled machines, he said, such as temperature control devices, sensors, gas monitoring and farm management systems.

“Attackers are not going to limit themselves on the type of system, what is the limiting factor is the level of security and the impact that specific device or the robot has on the farm because they usually try to go for the easiest systems or devices. So, anything that could become critical for the business would be targeted.”

The cyber-criminals going after farmers generally fall into three categories, according to Dehghantanha.

First are organized criminals looking to make money, second are state-sponsored groups such as APT28, a group from China, and Iranian government hackers.

But a third category is emerging. “Animal activist groups are sometimes targeting individual farmers that they believe are not following the ethics and the rules that they have in mind, using ransomware-as-a-service, which means they get a copy of the ransomware, they drop it there, but instead of asking for the payment, they normally ask the owner to go public or to change their behaviour,” Dehghantanha said.

Educating future cybersecurity professionals

To help the industry become more aware of the risks, the university is offering a new program, called SECURE-AGRO.

Its aim is to educate 100 professionals, from two separate cohorts. “Educating ag food professionals in terms of the cybersecurity risk and the issues that they have, so we would have future agriculture consultants or agriculture business owners having a good understanding of cybersecurity risks,” Dehghantanha said.

“The other group . . . are cybersecurity professionals who want to be educated on challenges in ag food, and we are training them to be aware of these risks; be able to work with the tools, and be able to address the challenges that they have.”

The university is also offering cyber-education programs for the farmers.

But for individuals, the first step is to conduct a “vulnerability assessment.”

Dehghantanha encourages those farmers to visit the University of Guelph Cyber Science Lab.  

“We have guidelines and the self-assessment Excel sheets for the farmers in different sectors: beef, dairy, etc., that they can go download freely, fill it up, and that gives them instantly a good view of what are the gaps in terms of cybersecurity.”

Farmers should also purchase cybersecurity insurance, which also comes with a side benefit.

“During the process of getting the insurance, the insurer usually works with them to conduct vulnerability assessments or to improve their security, which is a good thing that they can get,” Dehghantanha said.