In response to the killing of Major General Qassim Suleimani, the government of Iran and its supreme leader, Ayatollah Ali Khamenei, have declared the country’s intention to strike back at the United States. According to reports, their desire is to respond proportionally, but not start a war, and they are contemplating multiple options, any subset of which they may implement.
Almost certainly, these options include cyberattacks. Iran has long been an active source of Advanced Persistent Threat (APT) attacks against the U.S. Government, as well as industry. These are among the most sophisticated sets of cyberattacks that have occurred in recent years. As a result, the U.S. Government is preparing for potential Iranian cyberattacks and is alerting the public to the danger. On January 6, CISA, the cyber component of the Department of Homeland Security, issued an alert, warning of the increased threat of cyber attacks from Iran. The two-page document is worth the read.
Putting It Into Practice: Companies, particularly those that do business with the U.S. Government or that handle sensitive information, should consider additional security measures in light of this imminent threat. Some options include:
- Increasing the frequency of your backups of important data, until the threat eases.
- Implementing multi-factor authentication, if you have not already done so.
- Temporarily increasing the frequency of password changes on your system.
- Moving up any plans to upgrade system security so that they are completed sooner.
- Increasing the logging functions on your system to better monitor activity.
This list is by no means exclusive. Each company will have to evaluate the state of its cybersecurity independently, but for all of them increased vigilance is now in order.