The Truth About Iranian Cybersecurity Threats
Given recent headlines, one might conclude that Iranian Cybersecurity threats were a new development. In fact, Iran has been a player in the international cyber game since 2002 with the formation of the Ashiyane hacking forum to repress dissidents. By 2007, government backed organizations had begun to develop sophisticated tools and engage in active campaigns. As reported by the Carnegie Endowment for International Peace, Iran’s first major international act was to attack Twitter in December of 2009 to disturb the efforts of the Iranian Green Movement that was working against the reelection of Mahmoud Ahmadinejad. Two years later Iranian efforts resulted in one of the largest data breaches in internet history when a hack on DigiNotar gave the Iranian government access to Gmail users in Iran.
Cybersecurity Threats to Businesses
As Iran’s skills in cyber attacks developed their focus has expanded to international businesses. In 2012 an alleged virus was launched against Saudi Arabia’s Aramco oil conglomerate. It also conducted denial-of-service attacks against U.S. banks. The Iranian hacker group OilRig has focused primarily on private industry targets and managed to breach Las Vegas Sands in 2014. Another group, Iranian Dark Coders Team, has focused on cyber-vandalism by defacing industry sites with pro-Iranian propaganda.
Other Nation States in Cyber Attacks
In truth, there are few innocent nation states in the cyber attack world. There has been an invisible and silent international state of war in the cyber world for decades. Those that pose the greatest threat to businesses in the United States include The Peoples Republic of China, Russia, and North Korea. These players actively seek on an ongoing basis to disrupt businesses and steal vital and sensitive information.
What Can be Done?
Effective cybersecurity for businesses is obviously very important. Because nation states with vast resources are a constant threat a complete systematic process that involves not only an IT department is required. ISO 27001 is such a system in that it involves all players in a company in a Quality Management System (QMS) that continually adapts to the changing nature of threats, enacts effective counter measures, and educates all employees on best practices to avoid cyber incidents.
CVG Strategy can help you attain an ISO 27001 certification. This can help you demonstrate a commitment to data security through an internationally recognized process.