New CISA recommendations following recent Iran hostilities

By Jeremy Louise | January 23rd, 2020

Due to recent events surrounding the increased hostilities between the Islamic Republic of Iran and the United States, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a notification outlining their recommendations to safeguard against a potential state-sponsored cyber-attack.

The notification contains the following recommendations:

1. Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.

2. Increase organizational vigilance. Ensure security personnel is monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.

3. Confirm reporting processes. Ensure personnel knows how and when to report an incident. The well-being of an organization’s workforce and cyberinfrastructure depends on the awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below).

4. Exercise organizational incident response plans. Ensure personnel is familiar with the key steps they need to take during an incident. Do they have the access they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel is positioned to act in a calm and unified manner.

For a more complete overview of their recommendations, please refer to their site;

https://www.us-cert.gov/ncas/alerts/aa20-006a

Many of CISA’s recommendations are simple to address but there are a number of additional tactics that can be employed to increase your security posture and ultimately minimize the impact of a potential cyber-attack to ’s network systems and/or data.

It's Your Move!

If you have any questions or would like to secure the time to discuss how we can help address this developing threat, please reach out to our team at TSI Support and we'll be happy to help you stay as safe as possible in today's cyberworld.

Need Support? Call Us Today

Available 24 hours a day, 7 days a week
1-508-543-6979