With problems in Iran, American businesses need to have a heightened sense of awareness around potential cyberattacks. What can businesses do and what should they be aware of?
The first thing people/companies need to be doing is training their staff on what to look out for. This is where we see most of the organizations fail. They put in place very robust technology, firewalls, IPSs, IDSs, antivirus, and things of that nature, but they fail to educate their staff on what they should and shouldn’t be doing while they’re using corporate computing platforms. Iranian hackers are using fake links within LinkedIn to get people to download malware. Employees don’t recognize that using social networks could potentially be a danger to their company; they get complacent. If the company doesn’t have the proper technologies in place, if they don’t have a proxy firewall, for example, that would filter the web traffic and inspect it, there is a good chance that they can click on a link and download something or have something execute on their system that would then start infecting the rest of the systems within the organization.
If something does happen, you need to have a robust incident response program in place. In the financial industry, having offline procedures is critical, because obviously, people are still going to want to come in and transact business; they’re going to want to cash checks and make withdrawals and deposits. If the organization doesn’t have good offline procedures put in place, there is a good chance that they are not going to be able to serve their membership or their customers, and as a result they are going to end up in the press, as it’s an eventuality that somebody will get angered because they couldn’t cash their check and run to the press screaming that this organization wasn’t prepared or ready for this type of eventuality to occur. A municipality, say at the tax office, could have the same type of issue, so really it’s having that incident response program and a business continuity program in place so that, should ransomware or other types of malware make its way into your network, you can respond accordingly and you can still function as a business while your IT department is dealing with the forensics and the other types of analysis that need to be done so that they can bring the rest of the systems back online.
It’s really important to make sure that businesses are testing their programs. All too often, what we at Digital Defense see is that people have very robust incident response programs in place, but it’s been five years since they tested them. And since then, they have changed their processing systems, or they’ve upgraded their computing platforms to a new server level. So now, what they have no longer applies to what they have in place, but they haven’t tested it, so they don’t know. And when an issue arises and they pull that plan out, it’s too late: they find that the plan no longer applies, it doesn’t work, and it doesn’t save them.