Tensions with Iran Could Have Cybersecurity Ramifications for U.S. Businesses

Rising tensions in the Middle East in the wake of the killing of General Qasem Soleimani, the head of Iran’s military Quds Forces, have U.S. troops on high alert.

However, the strike has also put cybersecurity experts on notice. Alongside Russia and China, Iran is a formidable cyber adversary. Indeed, “incidents involving Iran have been the most sophisticated, costly, and consequential attacks in the history of the internet,” claims the Carnegie Endowment for International Peace, which has charted the rise of Iranian cyber warfare.

In the past, these attacks have targeted vulnerable infrastructure, such as Israel’s internet connectivity, Turkey’s power grid, Saudi Arabia’s oil and government offices, and the control system of a dam located 25 miles north of New York City.

However, U.S. businesses are also within Iran’s sights. In 2016, the Department of Justice indicted seven Iranians for a retaliatory cyber attack against U.S. banks that blocked customers from accessing their online accounts. Two years later, nine additional Iranians were charged with executing one of “the largest state-sponsored computer hacking campaigns ever,” targeted at more than 140 universities, 30 U.S. companies, and five government agencies.

A dark horse on the cyber landscape

Despite the progression of cyber hostility from Iran, very little is known about the state’s cyber warfare capabilities. It’s entirely possible that Iran already has a persistent presence on business or government networks and is simply lying in wait for orders to attack – a common practice among sophisticated hackers.

It’s important to note, however, that Iran is strategic and poised in its cyber attack strategy. It’s known for taking time to review its options and plan retaliation. This potential window gives U.S. organizations valuable time to shore up their defenses.

According to cybersecurity experts, now is the time for major organizations to do just that.

"If I were advising the pizzeria down the street, I'd say you're probably not high on the target list, but if you're operating a critical infrastructure or a high-profile, large corporation, I would raise the alert status for your cybersecurity teams," Michael Daniel, a former cybersecurity adviser to President Obama who now serves as president of the Cyber Threat Alliance, told NBC News.

Steps to take to prepare for a cyber attack

Some of the steps security teams can take to reduce the risk of falling victim to a data breach or system downtime include patching critical vulnerabilities, ensuring firewalls are up-to-date, and continuously monitoring their security posture so that they can quickly remediate as new threats and vulnerabilities emerge.

In addition to ensuring that their internal security performance management program is watertight, companies should also pay close attention to potential risk in their third-, fourth-, and nth-party ecosystem of vendors, partners, and subcontractors. Fueled by cloud technology and outsourcing, breaches that originate from outside the organization are at an all-time high, and savvy threat actors are eager to exploit any gaps in security that might lead to a higher prize up the supply chain.

With much outside their control, companies should take advantage of third-party security risk management tools that have the capability to expose cyber risk within the supply chain so that both parties can work collaboratively to reduce risk – without the need for costly and time-consuming security assessments.

Mitigate the cyber risk

When nation states like Iran are provoked, a cyber strike is almost certain – and the fallout can be catastrophic in terms of data loss, operational downtime, and financial implications. While it’s impossible to prevent an attack entirely, with greater visibility and automated continuous monitoring of their entire security landscape, U.S. businesses can significantly mitigate the risk of an attack and prioritize resources and remediation efforts where they are most needed.