Cybersecurity in the Cannabis Industry

Studies show that emerging industries, such as the cannabis industry, continue to be prime targets for cyberattackers. A perception of inadequate cybersecurity protocols can also affect consumer confidence and in turn, impact the future sales and growth.  Because emerging businesses are often more focused on federal or other regulatory barriers and the day-to-day operations of starting and growing their new business, their IT infrastructure and cybersecurity policies tend to be an afterthought.   Increasing regulatory requirements only add to the already overwhelmed businesses that find themselves constantly playing catch-up.  This leaves these businesses in a thriving multi-billion dollar industry extremely vulnerable and cybercriminals know that. 

While some more established companies outside of the sector are finally becoming more open to working with businesses in the industry, we still have a ways to go.  Many companies continue to block services for businesses in the industry. From federal intervention to banking issues, it’s certainly a challenging industry to get into.  Several prominent IT service providers continue to block support, possibly due to their lack of understanding.  Whatever their reason, this has caused a drastic increase in cyber extortion and ransomware attacks on businesses such as dispensaries and supply chain wholesalers, as hackers seek to target and sell intellectual data, as well as personal information of patrons, in addition to extorting businesses in the industry.

Consumers value the anonymity that goes along with activities such as shopping at dispensaries. Whether medical or adult-use, the information in both cases can be at risk. Regardless if a cyber breach has occurred within your organization, or as a result of third party vendors and contractors, you're still liable.  Third parties may not take their network security as seriously as you do. Hackers know this, and at many times choose not to attack your company directly, but instead look for an easier target among your third-party vendors. We have seen these third-party breaches with large enterprises such as Target, Lowes and even Verizon. A compromised subcontractor can easily be exploited as an entry point for cybercriminals, as seen often in supply chain attacks.

From budtenders and cashiers, to shipping and receiving employees, businesses in this industry are primarily end-user based operations. Which is why your employees are your first line of defense against a cyberattack. It is critical to ensure employees are properly trained on best practices for safeguarding against cybersecurity risks, such as identifying nefarious emails and protecting customer data—just to name a few.  Hackers are aware of the added vulnerabilities to businesses in the cannabis industry due to additional barriers blocking services and support readily available to businesses in other industries. As a result, they take advantage and target your staff with attacks such as phishing scams and ransomeware, that are alarmingly increasing at an exponential rate.