By Lucas Molefe, Cybersecurity Expert at ESET Southern Africa
Agriculture has become agritech. Over the past few years, technology has eased into everything from yield monitors to climate monitoring to soil sensors and irrigation. Precision agriculture practices, for example, were found to have adoption as high as 43%, according to a Stellenbosch University Agronomy Department study, while soil sensors are currently the highest-adoption IoT category among South African farmers, says Ken Research. The latter market is currently valued at $1.1 billion in the country, with 60% of farms integrating IoT solutions across key areas such as crop and resource management.
These technologies are bringing improvements across yield, performance and optimisation, but they are also introducing unexpected risk. And the biggest risk doesn’t sit where you’d expect – on the farms and within their systems. It sits with the third-party service provider: in logistics and the small to medium enterprises (SMEs) that provide the connections between the farm and the fork.
Of course, the technology infrastructure on the farm itself is not immune to the threats. Research from ESET has found that a significant number of South African agritech operators and farmers continue to believe their companies aren’t attractive cybercriminal targets. Unfortunately, that belief is precisely what makes them one. But that belief is also playing forward into the most vulnerable part of the supply chain, where smaller companies have no cybersecurity infrastructure, monitoring devices or patch management and no understanding of the risk at all.
Across the commercial farming and food logistics sectors, devices are transmitting data about soil conditions, temperature, humidity, livestock health, cold chain integrity and more. From verified temperature readings through to GPS-tracked logistics and point-of-origin records, the data travels from sensors and systems through the logistics operator, into a distribution centre and eventually informs the procurement and shelf-life decisions of a major retailer. And this data is currency. It is precisely what the threat actors want, especially if the data provides insights into the operations of a large agritech company. They can sell information about how and where the entire farm operates.
At each step of the chain, there is security. Farms, retailers and distribution centres have invested in enterprise-grade security, endpoint systems or sophisticated solutions that ensure data is protected as it moves through the chain. However, the small-scale operators with no cybersecurity infrastructure have created an analogue gap that makes them perfect for a man-in-the-middle attack.
The moment the data leaves the sophistication of the farm and enters the small logistics operator’s hands, it crosses an analogue boundary. The threat actor doesn’t need to breach the farm systems or spend hours hacking the distributor; they need only inject false data in the middle, where security is often not even a consideration.
The mechanism of this type of attack isn’t high-level; all it needs is access to a vulnerable IoT device without endpoint security, and then the door is wide open. The attackers then inject errors into the data that the device reports. The sensor continues to function as if nothing is wrong, and the distribution centre and retailer continue to receive data, but the data is false. The temperature reading could, for example, suggest the products are in the safe range when they aren’t, which means that the point-of-origin record will validate a consignment that it should reject, or that a shelf-life indicator will provide insights that are entirely off base because the data foundation was compromised.
The consequences of this type of attack are twofold. First, there are the commercial impacts: production delays, spoiled inventory, customer dissatisfaction and the costly process of tracing and replacing compromised stock. The second is regulatory – under POPIA, companies are legally required to ensure the accuracy of the data they process. When false data is injected at the analogue gap, it travels through the supply chain and informs procurement decisions, and the retailer is left holding non-compliant records they relied on in good faith.
The Transnet ransomware attack that took place in 2021 is a very visible demonstration of what happens when a logistics-adjacent system is compromised. Agricultural imports and exports came to a standstill, and the financial consequences were significant.
Threat actors don’t need to target the high-end systems put in place by the agricultural sector, retailers and distribution centres. They simply need to find a vulnerability in the analogue gap and poison the data when nobody is watching.
Third-party logistics companies are facing significant digital transformation complexities that include compliance, employee resistance, outdated systems and more. This fragmentation, alongside infrastructure and financing limitations, is putting immense pressure on the sector’s security. South Africa’s agricultural and retail sectors are operating in a country where the Information Regulator received 3,219 breach notifications in the 2025/26 financial year at an average of 268 a month. The analogue gap has become a cybersecurity problem, and it needs to be addressed.







