Don’t Be the (Uninsured) Victim of a Foreign Cyberattack

U.S. government officials and cybersecurity experts are warning businesses to prepare for a surge in cyberattacks from Iran.  On Thursday of last week, U.S. Cyber Command carried out online attacks against Iranian missile control systems, as well as the Iranian intelligence group believed to have coordinated recent attacks on oil tankers in the Gulf of Oman.  While Iran denies that the attacks were effective, it is widely suspected that, in retaliation, Iran will now increase the already large volume of cyberattacks directed at the United States.

There are a number of potential targets within the U.S.  Should Iran wish to loudly demonstrate its capabilities while limiting the fallout of its attack, it may focus on prestige targets, such as notable educational institutions.  If Iran wishes to inflict more serious economic or even physical harm, however, then targets could include financial institutions, networked traffic systems, health care institutions, and the power grid.

Fortunately, there are a number of relatively simple steps that organizations can take to harden themselves against any attack.  While these are steps that all organizations should be taking anyway, the current tensions make them even more important.  This is especially true because insurers may deny coverage for losses on the basis that Iranian cyberattacks, which originate from a foreign power, are acts of war or terrorism.

You should take following steps immediately:

  • Consider cloud storage: cloud storage providers offer some of the most robust defenses available. It also stores your data across multiple servers, making it less vulnerable to any one attack.  If you don’t have cloud storage, then make sure you back up your data frequently and on a schedule.
  • Educate your employees: employee mistakes are often at the center of cyberattacks. Make sure your employees know the warning signs of a phishing email.  Have your IT department test their ability to spot these warning signs by sending out mock phishing emails.
  • Have (and enforce) an effective flash drive policy: a surprising number of cyberattacks rely on flash drives. In fact, the U.S. is believed to have introduced the Stuxnet virus that set back the Iranian nuclear program through a flash drive infected with the cyber weapon.  Types of controls you could put in place include restricting the use of flash drives by employees or requiring that employees may only use IT-approved devices.
  • Defend against DDOS attacks: a distributed denial of service (DDOS) attack occurs when an attack overloads your system with traffic from multiple sources. You can defend against this by using redundant servers, purchasing extra bandwidth, establishing a virtual private network (VPN), and keeping security patches current.
  • Have a plan: if something does happen, you don’t want to make up your response on the fly. Develop an incident response plan beforehand, with input from all key personnel, and review it on an at least an annual basis.

These are only some of the many steps available to help your organization navigate an environment of increasing security threats.  If you would like assistance developing and implementing a program to reduce the chance of loss from a cyberattack, please contact a member of the Sands Anderson Cybersecurity and Technology team.