Article written by:
Doug Davidson, CISA
Director of Information Technology Services
Following the early January drone strike in Iran, the FBI and Department of Homeland Security have warned of potential Iranian cyberattacks on the U.S. As a result of escalated tension between the U.S. and Iran, many clients are concerned about their cyber business exposure. Knowledge about the impact global events have on your business is an important part of enterprise risk management.
The decades-long back and forth between Iran and the U.S. has included nearly 10 years of cyberattacks. In 2010, an Iranian nuclear facility was infiltrated by a cyberworm which caused significant damage. Iran has a history of using cyberattacks against financial systems, oil companies and U.S. dams.
Our belief is that this activity is nothing new. In the past, it has heated up in parallel with other crises in that region, but the pattern repeats at some point from this latest event. The attacks may increase against the same financial systems, oil companies and other critical infrastructure component targets that Iran has attacked in the past. Few small businesses are likely to be directly caught up in an attack, though key infrastructure components that are critical to our businesses may be impacted. So, it is something to keep an eye on, but nothing to panic about.
That said, when your network is connected to the rest of the world, global events can impact you. Other countries, and terrorist organizations, have proven offensive cyber capabilities. Some focus on intellectual property theft, others on political and government espionage, and others on using cybercrime as a means of raising funds for their government.
Two things you should do:
- While you cannot control the threats, you can measure and improve your security posture by reducing your business’ exposure, removing weaknesses and improving safeguards.
- IT and risk management leadership can keep an eye on the global threat situation from free, public sources. Our cyber team follows a number of sources, however, three stand out as must-haves in keeping an eye on this type of information:
- The U.S. Department of Homeland Security, which also includes an option to subscribe to the United States Computer Emergency Readiness Team (US-CERT), provides additional threat reporting.
- Cisco’s Talos Intelligence Group, one of the largest commercial threat intelligent teams in the world.
- Threatpost, an independent news site that is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
GBQ IT Services is one team of builders, breakers, operators and auditors with access to a consortium of 50 experienced IT, cyber and assurance professionals delivering IT risk, cybersecurity and productivity solutions. We build value through IT strategy, protect value with information risk and cybersecurity services, measure value and improve productivity with data analytics and process automation and assure value through IT audit services.