Agencies Issue Alerts on Iranian Cyber Activity
January 14, 2020
The U.S. Department of Homeland Security (DHS) and New York State Department of Financial Services (DFS) issued guidance to companies on securing computer networks.
DHS's Cybersecurity and Infrastructure Security Agency (CISA) advised that Iran and its proxies have a history of "disruptive and destructive cyber operations against strategic targets, including finance, energy and telecommunications organizations, and an increased interest in industrial control systems and operational technology," the advisory said. Iranian operatives also could steal intellectual property or conduct cyber-espionage "to enable a better understanding of our strategic direction and policy-making," according to CISA. The agency also released a technical advisory for security professionals with common techniques associated with Iranian hacking groups.
DFS recommended that companies, "ensure that all vulnerabilities are patched/remediated (especially publicly disclosed vulnerabilities), ensure that employees are adequately equipped to deal with phishing attacks, fully implement multi-factor authentication, review and update disaster recovery plans and respond quickly to further alerts from the government or other reliable sources."
The third pillar of ALTA’s Best Practices provides recommends adopting and maintaining a written privacy and information security program to protect Non-public Personal Information as required by local, state and federal law.
Contact ALTA at 202-296-3671 or [email protected].