Grow Opportunity

Features Business Security
Navigating cybersecurity in the cannabis industry with the CEO of SideChannel

Brian Haugli, CEO of SideChannel, outlines a comprehensive approach to protecting cannabis businesses from cyber threats

June 18, 2024  By Grow Opportunity Staff


Photo: Adobe Stock
As the cannabis industry grows and evolves, it faces unique challenges, particularly in the realm of cybersecurity. The increasing reliance on technology within the sector demands a robust approach to safeguarding information and operations. In a recent interview with cybersecurity expert Brian Haugli, CEO of SideChannel – a Massachusetts-based cybersecurity consultant – Haugli sheds light on the intricacies of operational technologies (OT) and the cybersecurity landscape that cannabis companies must navigate.
“Cybersecurity is just solving problems,” Haugli begins. “And the problem is that everyone has created a massive reliance on technology without considering its security.” In today’s world, technology permeates every aspect of life, creating a dual plane of existence: physical and logical.

However, the intangible nature of the logical plane often leads to a lack of seriousness about cybersecurity.

“Since the 80s, the problem with cybersecurity is that people can’t touch it, so they don’t think about it as much,” Haugli explains. This complacency is evident in the staggering statistic that four out of five Americans have had their identities stolen, yet many remain indifferent, relying on companies’ assurances and temporary fixes like identity monitoring.

Operational technologies in manufacturing and cannabis

Manufacturing, including cannabis cultivation, has shifted dramatically from manual operations to technology-driven processes. “Years ago, most manufacturing and agricultural operations were manual. Now, there’s a big push towards IoT – the internet of things – and OT – operational technologies,” he says. These technologies integrate computer systems into traditional hardware, streamlining operations but also introducing new vulnerabilities.

Initially, OT environments were isolated from corporate IT networks, maintaining a physical separation that safeguarded them. “They followed the Purdue model, a traditional security model for OT,” Haugli elaborates. However, the demand for data integration and efficiency led to the collapse of these barriers, creating “big flat networks” that are more susceptible to cyberattacks.

Advertisement

Cybersecurity revolves around a triad: confidentiality, integrity, and availability.

“In the IT world, confidentiality is the priority, followed by integrity and then availability,” says Haugli. However, in OT, especially in sectors like cannabis, the priorities shift. “It’s availability first, then integrity, and confidentiality is often an afterthought.”

The expert underscores the importance of availability in OT: “Anything that affects time immediately impacts revenue.” This is particularly crucial in cannabis cultivation, where timing is everything and a disruption can have significant financial repercussions.

Emerging threats and industrial espionage

The global embrace of technology has also introduced new threats from economic competitors and cybercriminals. Countries that predominantly speak Russian and Chinese may use cyber attacks to either stop operations or corrupt data in the West. Cannabis companies, like many tech startups, often prioritize growth over security. “They are in a grow-at-all-costs mode,”says Haugli. This mindset, while understandable, can be perilous.

“I’ve seen clients who have rolled the dice for generations without a problem, but now they’re waking up to the reality of cyber threats.”

Haugli highlights the structured nature of cybercriminal organizations. “Most hackers run systems that scan for vulnerabilities and exploit them for a high ROI. They operate like businesses, with HR, payroll, and quotas.” These criminal enterprises launch attacks, often timed to coincide with weekends, to maximize disruption while monitoring the impact only after the fact.

“Ransomware is prevalent,” he notes, describing the triple extortion model: locking down systems, stealing data, and threatening to sell it if the ransom isn’t paid. This sophisticated approach underscores the importance of robust cybersecurity measures.

Building a cybersecurity program

Effective cybersecurity begins with a clear understanding of what needs protection. “You can’t protect what you don’t know exists,” Haugli advises. Companies must assess their technology, identify vulnerabilities, and develop a roadmap to achieve their security goals. This involves not only technological solutions but also cultural and procedural changes within the organization.

“Security comes down to making sure that people can’t disrupt operations, whether by chance or intent.” This includes safeguarding against insider threats, where disgruntled employees or corporate espionage can pose significant risks.

As the cannabis industry continues to expand, the integration of technology presents both opportunities and challenges. Cybersecurity must be a priority, with companies adopting comprehensive strategies to protect their operations. SideChannel’s CEO Brian Haugli provides a roadmap for navigating the complex landscape, emphasizing that while the challenges are significant, they are not insurmountable with the right approach.

By understanding the unique cybersecurity needs of the cannabis sector and implementing proactive measures, companies can safeguard their growth and ensure their place in the market.

Print this page
Stories continue below


Related