With the conflict between the United States and Iran still simmering, US companies face an increased threat of Iran-backed cyber-attacks. This Weil memo addresses areas of potential vulnerabilities and attack vectors that companies should be monitoring, and this excerpt discusses some of the actions that companies should take now to protect themselves:

First, validate that incident response plans, escalation pathways and external contact lists (e.g., forensic firms, data breach counsel, cyber insurers, etc.) are current. The most common foot-fault in fast-moving events is not the absence of a plan, but the inability to operationalize it quickly.

Second, review external attack surface exposure and related vendor risk. That includes internet-facing remote access tools, privileged access pathways, legacy systems, third-party integrations and unmanaged assets. Companies should also identify vendors, service providers and other external parties with access to sensitive systems, data or operational environments, and assess whether those connections are necessary, appropriately secured and subject to heightened monitoring. Organizations that operate industrial processes or rely on building management and other facility control systems should ensure those environments are appropriately separated from the company’s general corporate network and that remote access is limited to necessary, secure and closely monitored connections.

Third, heighten monitoring for phishing, credential abuse, anomalous logins, multi-factor authentication bypass attempts, suspicious use of remote administration tools and early signs of denial-of-service or destructive activity. Where feasible, logging should be centralized and retained for a sufficient period to support investigation and remediation.

The memo also recommends testing business continuity plans with a focus on third-party dependencies and communications resilience preparing for the legal and regulatory dimensions of a cyber-attack.

– John Jenkins