Back to Basics in Cyber Amid Recent Warnings

Earlier this week, The Cipher Brief brought you expert insights into How Iran Targets U.S. Businesses, after a warning last weekend by DHS’ Cybersecurity and Infrastructure Security Director Christopher Krebs.   

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money,” said Krebs in a statement posted to Twitter. “These efforts are often enabled through common tactics like spear phishing, password spraying and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”


The Cipher Brief asked FBI Deputy Assistant Director Tonya Ugoretz how businesses should be thinking about the cyber threat from Iran. “Cyber is a means for nation-states to achieve their strategic objectives, so it’s important to consider the geopolitical environment when assessing risk and network defenses,” Ugoretz told us. “As Department of Justice indictments have shown, Iran has a history of both cyber espionage and disruptive and destructive cyberattacks. In addition to employing cyber hygiene best practices, we are all safer when we are forward-leaning in sharing information about suspicious activity – both across and between the government and private sector.”

For a private sector view on this, we also tapped Jamil Jaffer, V.P. for Strategy & Partnerships at IronNet Cybersecurity for his take on the warnings and how businesses should be interpreting them.

The Cipher Brief:  What should the latest warnings mean for businesses of all sizes and what are the sectors most likely to be impacted by cyberattacks launched by Iranian-backed groups?

Jaffer:  Director Krebs’ warning certainly puts businesses of all sizes—but particularly those in critical infrastructure sectors and particularly businesses with critical data stored on networked systems—on notice that they need to be prepared for a potential attack on their infrastructure, that they need to be taking appropriate defensive measures now ahead of any potential attack, and that they need to have resiliency and recovery measures in place.

It is also important to remember that while cyberattacks may be targeted at particular entities or sectors, they can often have hugely important effects well beyond the targets, as was the case with the Russian NotPetya attack against Ukraine, which took place two years ago this week.

While the Iranians may respond against any sector or may launch an attack that spreads beyond the targeted sectors, we know that they have previously sought to target critical infrastructure targets here and overseas, so those industries, particularly in the financial services, energy, and healthcare sectors, ought to be on particularly heightened alert.

The Cipher Brief:  What are the top three things businesses should be doing to make sure their defenses are hardened in times of increased cyber activity like we’re seeing now?

Jaffer:  The basics are always key, so taking appropriate steps like fully patching and updating systems and having in place core security measures like using two-factor authentication and putting in place network firewalls and antivirus software is critical for businesses of all sizes.

Beyond that, for medium-to-large enterprises, it is important that they have a suite of key tools deployed, including network traffic analytics, endpoint detection and response, and malware isolation, to name a few, and that they have a quality managed service provider or a strong security operations team to monitor and address ongoing threats.

And writ large, businesses of all sizes need to leverage collective defense capabilities, using data and analysis from across their industry or ecosystem and using it to better defend themselves in real-time.

The Cipher Brief:  How has the U.S. government’s evolution toward a more aggressive cyber posture changed your outlook on private sector cyber defense?

Jaffer:  Certainly the U.S. government’s decision to get more aggressive means that both the public and private sector need to be prepared for potential responses from our opponents.

At the same time, however, the United States government has historically sat on the sidelines while our private sector has been under significant attack, taking only limited action in public, including through relatively ineffectual sanctions and indictments, so there is also a major potential benefit of this more aggressive posture:  namely that we might be able to successfully deter further, more aggressive activities in cyberspace by our opponents on a going-forward basis.

So, while it is important that American businesses be prepared to respond to potential cyberattacks, they can also take comfort in the fact that the United States might finally be prepared to hit back.

Read also How Iran Targets U.S. Businesses in The Cipher Brief.

LAUNCHING IN JULY: The Cyber Initiatives Group, powered by The Cipher Brief. The CIG is a public-private sector group of cyber professionals who share observations, high-level thought and expert perspective on cyber issues impacting all of today’s businesses.

With a team of principals including Former CIA and NSA Director, General Mike Hayden (Ret.), former NSA Director, General Keith Alexander (Ret.), former Deputy NSA Director Rick Ledgett, former NCTC Director Matt Olsen, former Vice Chairman of the Joint Chiefs of Staff, Adm. Sandy Winnefeld and former DHS Deputy Undersecretary for Cybersecurity, Mark Weatherford, the new Cyber Initiatives Group will focus on connecting experts in ways that share best practices on cybersecurity.

If you’re interested in becoming an inaugural member or sponsor of this thought leadership group, please send an email to CIG@thecipherbrief.com and we will send you an invitation to join the conversation.

‘I’m excited to facilitate this critical cyber conversation and to be working with leaders from across the private sector as they tackle the very difficult cyber issues that impact every company doing business today.’ – Michael V. Hayden
