Is the Cannabis Industry Prepared for a Cyber Attack?

With an increase in technology comes an increase in cyber threats. In fact, according to the University of Maryland, a cyber attack happens every 39 seconds. 

Unfortunately, even though there are options available to prevent these sorts of ransomware attacks, cannabis companies, even large-scale operations, are largely unprotected from malicious hackers, putting themselves at risk for costly situations every day. 

Below, we’re breaking down ransomware attacks the cannabis industry can experience and how organizations can be prepared. 


Ransomware is when a hacker gains access to critical data and holds it ransom, demanding money in return for the information. Hackers gain access and take over control of the files through ​​asymmetric encryption. These types of attacks can completely paralyze an organization, ruin a customers’ right to privacy and even be detrimental to an entire supply chain. Financially, the cost of a ransomware attack can be significant. In fact, the average ransom demand was more than $300,000 in 2020. 


Even though the cannabis industry is booming, it is still in its infancy compared to many other supply chains and markets. Most of these cannabis companies are often so preoccupied with the day-to-day that they do not ever even have the thought of cyber attacks in their mind. ​​

However, this is exactly the mindset hackers look for. 

In the cannabis world, it has been found that even larger organizations do not have dedicated software to protect valuable data, despite their size. On top of this, many are still using spreadsheets, email, and paper to manage their processes. What they might not realize, however, is that managing business-critical information in this manner is a serious threat to the company, clients and employees.

Hackers see all businesses as easy targets because the likelihood that a company has a solid cybersecurity plan in place is slim. Cannabis companies have historically put a larger focus on compliance or operations than protecting the company from hackers.

With an abundance of sectors, the cannabis industry has many avenues for attacks. From retailers having their customer information stolen to a cannabis cultivator having to pay hundreds of thousands of dollars to access their automated systems and data analysis, all areas of the cannabis industry are at risk. 


According to a report from MJBiz Daily, 41% of cannabis businesses aren’t taking the necessary steps to protect themselves online. However, there are multiple ways you can help protect your operation from an attack, and adapting the same methods of Fortune 500 companies is the best place to start. 

  • Set up antivirus software. This is the bare minimum any operation should be doing to protect its assets. 
  • Implement mobile workforce management. This helps ensure anyone interacting with company data, such as email, files, etc., has adequate protection on their devices.
  • Training Employees. Protect your operation from all angles, so employees know what to look for in phishing schemes. 
  • Set up a virtual private network (VPN). With a majority of the workforce now working from home, setting up a VPN is essential in protecting confidential information. The VPN works by encrypting data making it harder to access.
  • House data in a stringent cloud-based service. Make sure the service has passed certifications such as ISO27001 and ISO270127 and encompasses email, integration, and database encryptions. 


The easiest way to implement these measures is by finding an all-encompassing software that has the protection built-in. For example, Regrow maintains every regulatory and industry compliance Information Security Management certification for all its data centers. This ensures every client is protected to the utmost potential from hackers stealing valuable data or holding it hostage. 

To learn more about how Regrow implements cybersecurity measures for all clients, please reach out.


Share This