01-17-20 | Blog Post

How to Respond to the Not-So-New Iranian Cybersecurity Threat

Blog Posts

When military actions in late 2019 and early 2020 sent the Iranian cyber threat meter soaring in the US, every media outlet carried stories warning of the critical and imminent nature of an Iranian cyber attack. But truth be told, Iran has been among the top three nation-threats against US cyber security for years.

Without a doubt, Iran has a sophisticated and growing cyber arsenal. If they are going to retaliate, pundits say Iran actors will likely target vital US industries such as finance, energy, healthcare or defense, which would in turn disrupt other industries. However, it could be months before they put a plan into action. (In the meantime, players around the world – including cyber actors on our own turf – continue to escalate their barrage of hacking, ransomware and other disruptive behavior.)

The net-net of the not-so-new Iranian threat? Increase your cyber security vigilance and maintain it indefinitely. It’s not new advice, but it’s certainly underscored by current events. Not too long ago, experts indicated that the cybersecurity spending bubble was about to burst, but this might prolong the growth curve. Current projections have global spending on cybersecurity topping out at $133 billion by 2022.

If you’re like most compliance-sensitive and data-sensitive organizations, you already have safeguards in place to limit your vulnerability. The pressing question is, how do you know if you’re doing enough? To assess how well your security strategy stacks up, you have to consider the three primary security gateways: people, processes and technology.

People: A simple click on a malicious link or a misstep in data handling can open the door to all kinds of havoc. There’s really no way to eliminate human error, but you can mitigate its results. Rigorous employee training, password policy enforcement and anti-malware protection are critical to diminishing the chance of internally-enabled data breaches.

Processes: Your organization can respond to threats in a calm and methodical manner only when all the players know what they need to do and have the access they need to do it. Work hard to minimize personnel coverage gaps, outline security standards and have incident response plans in place.

Technology: In their January 6 alert, Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) outlined a handful of high-priority recommendations for the IT department:

  1. Disable all unnecessary ports and protocols.
  2. Patch externally facing equipment.
  3. Log and limit the use of PowerShell.
  4. Keep backups current.
  5. Monitor network and email traffic.

We agree with their recommendations, with an added emphasis on backups. If your data is breached, backups become the key to business continuity. By adding cloud backup or disaster recovery as a service (DRaaS) to your cybersecurity strategy, you can restore data from the point right before the breach and continue business as usual.

Anxious to increase your cybersecurity vigilance? Need assurance you’re doing everything possible to protect critical operations? Otava can help. As a secure, compliant provider of hybrid cloud solutions, our experts are trained to detect vulnerabilities in your environment in all aspects, including people, processes and technology. To learn more, contact us or call us today at 877-740-5028.

Overwhelmed by cloud chaos?
We’re cloud experts, so you don’t have to be.

© 2024 OTAVA® All Rights Reserved