The Iran conflict has threatened new retaliations and we don’t know where they’re going to come from. Cyber retaliation is a real possibility. Who’s being threatened and how should we prepare?
Check out this post for the discussion that is the basis of our conversation on this week’s episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Nicholas Hayden, global head of threat intelligence, Anomali.
Thanks to this week’s podcast sponsor, Anomali
On this episode of Defense in Depth, you’ll learn:
- As we’re seeing now, it often takes a scare like Iran to get everyone to pay attention to their threat detection and response capabilities.
- If you believe you’re a target for an APT (advanced persistent threat), you need to also assume it’s going to be hidden.
- If and when you find an APT, also assume it’s at the beginning of an attack chain. You’re going to have to go deeper. Shutting it off at that moment won’t let you understand what’s happening.
- Iran may use the resources of China and Russia as they have hooks into other industries.
- There’s a strong belief that cyber warfare is commingled with organized crime. The two groups need each other.
- Much of the “how to handle Iran” advice is to focus on foundations, not basics, because it’s actually not easy, said Yaron Levi, CISO, Blue Cross/Blue Shield of Kansas City; we use these potential threats as an area of focus.
- If you are doing the fundamentals, and doing them well, you are doing what you can. You don’t have the intelligence that the military has, and therefore, you don’t have the ability to craft specific defenses.
- Beware of complacency and going in and out of “heightened alert”. Eventually, people will forget about this perceived impending Iran threat. That’s why threat intelligence needs to be handled consistently over time.