Iran's Potential Cyber Threat To U.S. Businesses

We've seen speculation from several sources that, because of the current conflict with Iran, the U.S. could face retaliation in the form of cyber attacks. U.S. businesses in particular could be targets, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations to be vigilant. This memo from CISA details the threat and offers some steps your organization can take to prepare. The following message from the New York Department of Financial Services (DFS) outlines the risk:

"There is currently a heightened risk of cyber attacks from hackers affiliated with the Iranian government. The Iranian government has vowed to retaliate against the United States for the death of Qassem Soleimani.  Given Iranian capabilities and history, U.S. entities should prepare for the possibility of cyber attacks. 

It is particularly concerning that Iran has a history of launching cyber attacks against the U.S., and the financial services industry.  For instance, in 2012 and 2013, Iranian-sponsored hackers launched denial of service attacks against several major U.S. banks.  And the U.S. government recently advised in June 2019 it observed “a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” and that Iranian attackers were increasingly using highly destructive attacks that delete or encrypt data.

DFS therefore strongly recommends that all regulated entities heighten their vigilance against cyber attacks.  While currently there are no specific, credible, reports of new Iranian-sponsored cyber attacks in the past few days, all regulated entities should be prepared to respond quickly to any suspected cyber incidents.  Iranian-sponsored hackers have historically relied primarily on common hacking tactics such as email phishing, credential stuffing, password spraying, and targeting unpatched devices. 

DFS therefore recommends that all regulated entities ensure that all vulnerabilities are patched/remediated (especially publicly disclosed vulnerabilities), ensure that employees are adequately trained to deal with phishing attacks, fully implement multi-factor authentication, review and update disaster recovery plans, and respond quickly to further alerts from the government or other reliable sources.  It is particularly important to make sure that any alerts or incidents are responded to promptly even outside of regular business hours – Iranian hackers are known to prefer attacking over the weekends and at night precisely because they know that weekday staff may not be available to respond immediately."

Now is a prudent time to review your cyber liability insurance coverage. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. It is important to work with an insurance broker who can identify your areas of risk so a policy can be tailored to fit your unique situation.

Email us at info@GoCGO.com if you have any questions, would like a cyber liability insurance quote, or if you would like us to review your current cyber liability insurance coverages.

This blog post is not intended to be exhaustive, nor should any discussions or opinions be construed as legal advice. It is intended for educational and/or informational purposes only.
