Tensions in the Middle East are high following the U.S. government's assassination of Qassem Soleimani, Iran’s top-ranking military general. Iran retaliated in the early hours of January 8, launching more than a dozen ballistic missiles against two military bases housing U.S. troops in Iraq.
In addition to missiles and military maneuvers, Iran is also no stranger to cyber warfare. In 2016, the U.S. charged seven hackers linked to the Iranian government with executing large-scale coordinated cyberattacks on dozens of banks, as well as a small dam outside New York City.
Two days before the missile strike, the Department of Homeland Security (DHS) issued a bulletin warning of Iran’s ability to carry out attacks with temporary disruptive effects against critical infrastructure in the U.S., and for American companies to be prepared for “cyber disruptions, suspicious emails, and network delays.”
Just one day after DHS released the bulletin, Texas Gov. Greg Abbott said his state has seen a spike in attempted cyberattacks from Iran on state agency networks at the rate of about 10,000 per minute.
Financial institutions should remain vigilant regardless, but the escalating situation in the Middle East serves as a catalyst to ensure your institution is fully prepared to deal with a cyberattack from a foreign adversary. Here are some things you should be doing right now:
Reduce Your Attack Surface
This is an excellent time to take inventory of your technical assets, because every device and piece of installed software you have increases your attack surface, leading to much higher risk.
Eliminating unused devices reduces the amount of assets you must manage and protect. However, getting rid of unused software may be even more important, as all software has the potential for vulnerabilities. Whitelisting your applications is a fantastic way to accomplish this.
Cut Access to Systems
Whenever possible, take the time to reduce the number of administrators to systems, including all local admin rights. You should also restrict access to systems or data on a need-to-know basis. This includes keeping an eye on third-party access, which is something that Christopher Krebs, director of the DHS’ Cybersecurity and Infrastructure Security Agency, tweeted about recently.
Backup Your Data
The frequency of ransomware attacks is on the rise, and this is an enormous concern for financial institutions in this country. Cyber criminals prefer ransomware attacks because they pose little risk while providing a quick pay out.
Ransomware attacks depend on the ability to hold your data captive, but these attacks become far less threatening if your data has been duplicated and stored elsewhere. Make sure you are backing up your data regularly and consistently testing those backups to make sure they work properly.
A.B.U. (Always Be Updating)
We are nearing the end-of-life date for two widely used operating systems: Windows 7 Service Pack 1 and Windows 2008 Server Service Pack 2. Support for both systems ends after January 14, and there is high probability that hackers are already sitting on vulnerabilities for these systems, ready to strike once the support date passes.
Unpatched software is a huge risk, too. So make sure you install all operating system and application security patches in a timely fashion.
Monitor Your Network
One of the biggest challenges community institutions face is monitoring for suspicious activity. Security systems and tools are critical, but neither take the place of eyes on glass. One of the wisest investments you can make is partnering with a managed services provider (MSP) that offers around-the-clock assistance in monitoring for suspicious activity. These same providers can also assist with administrative functions, such as system and software updates.
In addition, a qualified MSP can offer practical advice and answer questions to make sure your institution is doing everything it can to prevent attacks.
Secure Your Perimeter
You’re only as strong as your weakest link, and if your weakest link is your perimeter security, you’re basically leaving the front door wide open.
It’s no longer optional to simply deploy firewalls and intrusion prevention systems. Financial institutions must go above-and-beyond typical security measures to keep their systems safe and should consider taking advantage of enterprise-grade security solutions.
Train Your Employees
Social engineering remains one of the top ways to compromise a network while remaining undetected, and therefore, should be toward the top of your list when it comes to cyber training. While email is often the focal point of such trainings, we shouldn’t forget that phone calls and dropped USB drives are still very successful attack vectors, too. Additionally, strong email and web filtering is critical, as they stop many attacks before they start.
In Conclusion: Preparation Is Key
In response to notifications from DHS, the Federal Reserve, FBI and other governmental agencies, CSI has updated security monitoring and response correlation rules to identify potentially malicious activity as identified by these agencies and will notify customers if any traffic is detected from any agency-supplied sources.
Ask yourself this: If you live in an area that is susceptible to hurricanes, and you do nothing to prepare, are you negligent when the storm hits your house? Cybersecurity is the same thing, and you need to do everything you can ahead of time to prepare your institution to weather a cyberattack.
For more information on what CSI is doing to thwart the increase in potential cybersecurity threats from the Middle East, contact CSI Managed Services.
Steve Sanders is vice president of Internal Audit for CSI. In his role, he oversees the evaluation and mitigation of risks associated with IT, financial and operational systems. Steve is a CISA, CRISC, CRMA, and CTGA, and he speaks regularly on information security, cybersecurity, IT and IT audit topics.