If the start to this new year is any indication as to how cybersecurity risk looks to unfold over the next 12 months, then we are in for a very nerve-wracking 2020.
As if the typical array of devastating cyber-criminal activity wasn’t enough to cause a lack of sleep, the United States government, including the Department of Homeland Security and the State Department, are issuing ominous warnings related to a brand new onslaught of Iranian cyber-attacks. The reason for this escalation of concern was triggered by the recent U.S. airstrike against one of Iran’s top military leaders. Iran possesses very capable cyber-attack capabilities and have a long history of targeting U.S. computer assets, including those belonging to government, private industry, and infrastructure entities. One government website has already been compromised.1
Here is just a sampling of the methods Iranian cyber-attackers generally utilize to achieve their goals:
While the IT and security functions in your company will do the lion’s share of defending your organization, you play a critical role in keeping your business and your personal data safe. Since over 90% of data breaches are initiated via social engineering attacks such as spear phishing, stay vigilant for suspicious emails and avoid providing sensitive information or clicking on links without confirming (e.g., via phone) that the sender is in fact a trusted contact. Other best practices include refraining from browsing websites that are not work-related. If you see something you feel is even remotely suspicious, contact your company’s security and/or IT contact.
For more information about how Citrin Cooperman’s Technology and Risk Advisory Consulting (TRAC) team can help keep your business safe, please contact Kevin Ricci or Matt Wagenknecht for more information.
1 https://threatpost.com/hackers-deface-u-s-gov-website-with-pro-iran- messages/151559/