CISA warns Vigilance Watching for Iran Cyber Attacks
Jan. 4th 2020: The Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, issued a National Terrorism Advisory Bulletin. This agency issues such warnings when a credible, specific and impending terrorism threat against the United States exists. This Bulletin warned of impending cybersecurity attacks against US government and business entities in retribution for the killing of Iranian IRGC-Quds Force commander Qassem Soleimani the day prior. Iran has a history of cyber attacks against US Businesses and government entities. Companies should be on high alert and remind employees to be especially vigilant in email phishing attacks amongst other cybersecurity best practices.
How advanced is Iran’s Cybersecurity Capability?
In 2020, Iran has 1% of the world’s population (80 million people) and yet it ranks as 4th in the world for its offensive Cybersecurity capabilities (and that was 5 years ago in 2014) according to an Israeli Think Tank studying Iran’s capabilities. This means their threats of retribution need to be taken very seriously by every business owner, government entity, and non-profit organization. This is a serious and credible threat to our electronic welfare.
What does this mean for US Businesses? (Practical Advice for Business Owners)
Strong vigilance is required. Share this newsletter article with all your employees. Ask staff to be on the lookout for the following:
- Phishing attacks of any kind (Whaling, Smishing, Vishing, and Spear-Phishing)
- Adopt a heightened state of situational awareness; if you see something, say something.
Businesses should ensure their Information Technology teams have:
- Validated Backup solutions in place and working for all your critical data;
- Two-factor authentication enabled on critical accounts, especially email and remote access;
- Adopted and trained users on using Password Managers to improve password hygiene over time;
- Reviewed, updated, and exercised your Incident Response Plans to ensure staff know their rolls in an emergency.
By preparing and taking these steps, your organization will be better prepared for the unexpected cyber attacks that could materialize by the end of this week (often Friday late afternoon).
Additional Reading:
Cybrary?
Have you visited our “Cybrary”?
CyberHoot’s Cybrary (Cyber Library) has over 200 Cybersecurity terms defined in plain english.
For example, here you can learn the meaning of “Administrator Rights” alongside practical advice “for SMB’s”.
Visit CyberHoot’s Cybrary today to sharpen your cybersecurity saw! Not finding something? Send Cyber Al a request and we’ll add it to the Cybrary!
What to Do?
- Adopt a heightened state of awareness;
- Watch for sneaky Phishing attacks;
- Exercise organizational incident response plans;
- Validate your backup infrastructure using 3-2-1 methodology.
New Years Resolution:
Learn a Password Managers
The Internet has accumulated more than 10 Billion publicly documented breached accounts, with estimates of 10 to 20 times more non-public breached accounts in the dark web. We are always at risk of being hacked by our passwords. The easiest way to improve your password hygiene, is by adopting a password manager.
Password managers help limit the damage from online breaches (Facebook, Linked-In, and Yahoo) by moving you towards unique passwords on each and every account. When one is breached, you change that one account in one place. And yet, there are many more compelling reasons to learn a Password Manager.
Password managers store and encrypt all your passwords and make them accessible to you through a browser plugin. They are there right when and where you need them. They also help by synchronizing all your accounts between all your personal devices and locations (smart phone, tablet, Cloud, work and personal computers). Change one password on your work computer, its up-to-date on your phone and home computer when you need them.
Password managers protect you from giving away your private info on malicious credential thieving phishing websites. When you visit a bogus Facebook, Microsoft, or Google website that prompts you for your login credentials, your Password Manager will refuse to fill the information in. You see, even when you don’t know you’ve been had, your password manager does and will protect you on these look-alike websites!
Watch CyberHoot’s training video on Passwords:
NEW FEATURE ANNOUNCEMENT: MY CYBERHOOT
CyberHoot spoke to a trainee last year who refused to electronically sign off on his Password Manager training. His reasoning was simple – he wanted to rewatch the instructional video to remind himself how to use the software tool LastPass.
CyberHoot listened and created our “My CyberHoot” feature. This allows anyone to visit their “My CyberHoot” page at any time and view all the trainings and policies they have completed in the past. Find a link to “My CyberHoot” in every email we send to you now. You can also view your outstanding training assignments here too!
CyberHoot Testimonial
5 min training
CyberHoot Hoots are 5 minutes or less. This means your staff get training in the least possible time with the most effective solution.
The Power of Open
CyberHoot is an open cybersecurity training Platform. Any video or PDF can be used to train and govern your employees today.
Effective
CyberHoot is mandatory company assigned training that takes time and adds work for employees; yet, over 60% of 100 CyberHoot users surveyed would be "Disappointed" or "Very Disappointed" if CyberHoot was taken away!