In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.


Cannabis Companies Considered Ripe Targets for Ransomware Attacks

While ransomware continues to dominate security headlines with attacks against critical infrastructure, healthcare systems, and governments, the cannabis industry seems to have not yet prioritized the issue. “As the past few months have demonstrated, the surge in ransomware attacks threatens our critical infrastructure, municipalities and the most vulnerable among us and is increasingly impacting the lives of the American people,” Michael Mosier, FinCEN’s acting director, said in a July news release.

But most cannabis companies haven’t taken steps to defend themselves against ransomware attacks, according to an informal MJBizDaily survey conducted in July. Of the 41 people responding to the poll, 59% said their marijuana companies had not taken steps to prevent attacks, while 41% said the businesses had. Ransomware is a nefarious hack that takes control of a company’s files and data and locks them.

According to MJBizDaily, Cannabis companies are vulnerable for different reasons:

  • The perception exists that marijuana businesses are flush with money and can easily afford to pay to retrieve their data.
  • They typically don’t have strong information technology departments.

We have covered ransomware in several previous blog updates, and would recommend users head over to our latest Library Card Series post about ransomware to further understand the risk and review useful resources to helping create a more resilient organization. For those interested, we are offering a free information sharing community within our Slack Workspace where information about threats and how to mitigate them can be shared in a safe and collaborative environment.

Safer and More Secure Cannabis

In more ransomware news, ASTM (of which Cannabis ISAO is a proud member), is doing great work to help standardize security protocols within the industry. Because the cannabis industry is considered an emerging market comprised primarily of small businesses, it can be seen as an easy target. And a stat we try to constantly bring up is that fact that 60% of small companies close within six months of being hacked. “We’re coming from a commodity that was once considered highly illegal to a valuable commodity that is, in some cases, traded on the stock exchange,”  says Mike Soberal, senior director of corporate security at Aurora Cannabis. “Although our risks may not be different than other businesses, because we are cannabis and because we’re in the news and at the forefront of a lot of conversation, there is a newer look, a greater interest in us. And that makes us more vulnerable. We are targets for organized crime and criminal activity and, as a result, relevant standards and protections are needed.”

The new guide for implementing cybersecurity in a cannabis operation (WK69969), when completed, should help to alleviate cybersecurity weaknesses and also to educate those working in the industry about their risks. 

“We’re creating a standard to explain to folks some of the data breaches that are going to be very common and that we can mitigate with software best practices so that bud tenders or cannabis sales associates don’t make mistakes,” says Mike Coner, founder and president of ezGreen Compliance and D37 technical lead for WK69969.

Physical Security

Creating Stickier Retail Safety and Security Training

The effectiveness of a retailer’s training is tested every day in how staff manage conflicts with customers, the form they use when lifting heavy boxes, or whether they click on an unknown email attachment. It’s not possible to ensure associates will always remember their training—or achieve their 100 percent compliance with directives—but are there ways to better your odds?

Kroger is trying to do that by delivering shorter, more frequent instruction and injecting it with a bit of fun, hoping it translates into better engagement. The program, Fresh Start, utilizes a platform from training company Axonify, which allows associates to access personalized training via an app. Using gamification, instruction is tailored to an individual associate’s needs and knowledge gaps and takes only five minutes per shift.

As cannabis dispensaries continue to see an uptick in robberies, and budtenders and other frontline personnel have to take an unfair amount of pressure and responsibilities in those situations, training can be so important to ensure the safest possible resolution to those situations. Utilizing new training methods could help to create a more effective security environment.

Capitol Police on Alert Ahead of ‘Justice for J6’ Rally

Law enforcement officials are bracing for potential clashes and unrest during an upcoming right-wing rally in Washington, DC, as violent rhetoric surrounding the September 18 event has increased online and counterprotests are being planned for the same day, according to an internal Capitol Police memo reviewed by CNN. The latest intelligence report on the “Justice for J6” rally — which aims to support insurrectionists charged in the Capitol riots — notes that online chatter in support of the event started increasing after the officer who fatally shot rioter Ashli Babbitt went public with his identity in a recent interview with NBC’s Lester Holt.

There’s been a noticeable uptick in violent rhetoric around the event and heated discussions centered on Babbitt’s shooting on social media and discussion boards, according to the memo. The document warns that many individuals may also see September 18 as a “Justice for Ashli Babbitt” rally, which could be cause for concern, and it’s not unreasonable to plan for violent altercations. There have been additional discussions of violence associated with the event, with one online chat suggesting violence against Jewish centers and liberal churches while law enforcement is distracted that day. The Capitol Police have formally asked the Capitol Police Board that temporary fencing be put in place again around the complex ahead of the rally, a source familiar with the planning told CNN. The Capitol Police Board will make the final call, but the recommendation will weigh heavily in its final decision.

New announcements about vaccine mandates from President Biden is likely to stoke more resentment, which could lead to larger and more dangerous crowds at the rally. Cannabis organizations within the National Capital Region should ensure that their employees are aware of the event in order to ensure safe travel to and from work.

Education on Hostile Event Preparedness: Fire as a Weapon

Join Cannabis ISAO partner Gate 15 for a free educational webinar on Wednesday, 15 September from 2:00 PM EDT – 3:30 PM EDT. You can register for the event here. In this presentation, You will learn how to:

  • Recognize Fire as a Weapon hostile events
  • Better prevent, prepare for, and react to an event
  • Identify safeguards to prevent Fire as a Weapon attacks
  • Identify preparations to mitigate the harm of a Fire as a Weapon attack if it occurs
  • Take proper actions during a Fire as a Weapon hostile event, to increase the chance of survival if an event occurs
  • Identify resources available, to take the next steps in Fire as a Weapon preparedness

Natural Threats

Record Heat, Fire Danger Plague West After Hottest Summer on Record for U.S.

Heat waves punished the West all summer and, even at the brink of fall, another sweltering blast had moved over the region. The heat was bringing record-setting temperatures in the Southwest and exacerbating a volatile fire situation farther north. The heat wave, which began early this week before peaking Thursday, coincided with an announcement from National Oceanic and Atmospheric Administration that the months of June through August matched the Dust Bowl summer of 1936 as the hottest on record for the Lower 48 states. “A record 18.4% of the contiguous U.S. experienced record-warm temperatures,” NOAA wrote Thursday.

This latest bout of exceptionally high temperatures was generated by a large and unusually strong zone of high pressure or heat dome parked over the Four Corners area, a situation that occurred repeatedly in recent months. Temperatures near the core of the heat dome were generally 10 to 20 degrees above average, and its influence extended everywhere west of the Central Plains.

How Cannabis Growers can Prepare for Early Season Cold Weather

Early snowstorms and freezes in September and October have plagued Colorado outdoor cannabis growers the past two years, damaging plants and leading to millions of dollars in losses. And while the weather seems to be cooperating with no cold snaps so far this year, that situation could easily change. While weather patterns can be flukes, climate change has created more steady and consistent extreme weather patterns. This article from MJBizDaily provides excellent recommendations from southern Colorado growers on how to prepare for unseasonable snow and frost.

Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!

Check out the latest blog highlighting issues important to cannabis security!