Cyberwarfare is the use of sophisticated cyber weapons (viruses, worms, trojans, etc.) by one nation-state to infiltrate, spy on, and disrupt the critical infrastructure systems of another country. In the 21st century, most countries prepare for cyberwarfare no differently than they prepare for physical warfare. Military organizations practice wargames that focus on both offensive and defensive capabilities. Most nation-states conduct cyber espionage clandestinely, with some receiving more attention than others for their prowess. Cyberwarfare is also practiced by terrorist groups aiming to further their specific goals.
In January of 2020 the Department of Homeland Security put out an alert notifying citizens of potential cyber attacks from Iran. This followed heightened tensions between the US and Iran following a drone strike that took out a notorious Iranian military leader. Some cybersecurity experts put Iran’s cyberwarfare capabilities right behind Russia and China.
“Russia and China are Tier 1 cyber aggressors and very close behind them comes Iran, then North Korea. It is often difficult to distinguish between different countries in cyber terms as they probably use proxies in each other’s countries to mask the true originator. The U.S., U.K. and Israel are probably the West’s Tier 1 countries with sophisticated capabilities from both a defensive and offensive perspective.”
Iran has hacked numerous government websites, taken down servers of corporate targets, and broken into email accounts of people speaking out against their regime. Their actions seem to be geared toward cyber vandalism, but that doesn’t mean that they aren’t capable of something far more serious.
Experts regularly exchange ideas on Iran’s cyberwarfare capabilities. Christopher Krebs, head of the US’s Cybersecurity and Infrastructure Security Agency, warned about various scenarios his agency thinks are within Iran’s capability. He suggested Iran could take over our power grids and shut them down for days or weeks. The stock market could be hacked into, taken offline, or simply manipulated, causing economic turmoil. Iran could take over water supply systems, leading to unsafe drinking water, or even hack into Tesla’s auto-drive feature to take control of the vehicle. These may seem like exceptional hacking events, but increasingly cybersecurity researchers are showing them to be very possible. According to one DHS employee, “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
Additional Reading: DHS Warns of Potential Cyber Attack from Iran
What does this mean for an SMB?
SMBs shouldn’t focus on nation-state attacks. However, the steps they take to prevent a breach at their SMB will also make them a more difficult target for nation-state attacks. SMBs ought to focus primarily on having their employees take simple measures to improve employees’ online security.
10 steps every SMB should take to protect themselves from cyber attacks:
- Implement the Principle of Least Privilege. Remove administrator rights from employees’ local Microsoft Windows workstations.
- Monitor computer systems with Network-based Intrusion Detection Systems to see where data is coming from, going to, and who accesses it.
- Implement Data Loss Prevention technologies on your email systems to spot critical and sensitive data leaving your business via email.
- Train employees on cybersecurity best practices.
- Phish test employees to keep them vigilant in their inboxes.
- Govern staff with policies to guide behaviors and independent decision making.
- Regularly back up all your critical data using the 3-2-1 approach.
- Adopt a Password Manager for all employees.
- Enable two-factor authentication on all critical Internet-enabled services.
- Buy enough Cyber Insurance to cover a catastrophic breach event.
Become more aware to become more secure.