The US has been taking a more proactive approach to cybersecurity in the last year. The Cyberspace Solarium Commission was launched in order to identify risks facing the US and to make recommendations and changes to the way that America prepares to fight in the increasingly hostile digital landscape. The Commission has now released its report, and the findings suggest that the US is woefully unprepared for cyberattacks. One of the leading threat actors is Iran, and the increasing level of hostilities in the region makes for some troubling conclusions in the report. While steps are being taken to keep US interests safer, the sophisticated tactics and strategies used by Iranian hackers make staying safe a lot more difficult.
When a drone strike in January took out General Soleimani, and the retaliatory response resulted in US forces being targeted at the Al Asad airbase, those with an eye on cyber defense started making stark warnings regarding the potential online response. Various industries went as far as releasing sector-relevant warnings to US businesses. While many still believe that Iran and cybercrime are mismatched as a cause for concern, the country is one of the key threat actors in the world, and currently only ranks behind Russia, China, and North Korea in terms of its online threat level. Iranian cybercriminals, and those external hackers that align with their politics, are as sophisticated as it gets. That makes them among the best hackers in the world.
Iranian-backed cybercrime is not new, and it’s not something that only happens in retaliation to a drone strike. No hackers are sitting around waiting for an excuse. Instead, they are probing defenses, looking for weaknesses, and using highly publicized events to both add confusion and to create enticing links to be clicked on. That means the US needs to be working on cyber defenses and the prevention of breaches on a full-time basis. As Iranian cybercriminals grow bolder, they are only becoming more of a threat to businesses and private individuals than ever before. It is estimated that between 2013 and 2017, Iranian hackers stole as much as $3.4 billion in terms of intellectual property. They also started to specialize in selling stolen data.
Of course, the Ayatollah hasn’t quite reached the point where a small US business is going to be specifically targeted. However, it does pay to remain safer. As sanctions against Iran continue to have a devastating effect on the region, attacks are expected to increase. The question of whether Iran intends to make nuclear weapons, as indicated by leading experts at iranforeignpolicy, is of a similar threat level. Nobody is immune to hackers and cybercrime, but not enough people are aware of the rising number of potential online enemies there are. Iran is simply one more threat to address when going online.
One of the most interesting recommendations to come out of the Cyberspace Solarium Commission report is the establishment of a dedicated government department called the Bureau for Cyberspace Security and Emerging Technologies. The report also recommended restoring the cyber coordinator position that was, unfortunately, eliminated. Whether these recommendations will be followed is yet to be seen, but the report has made it very clear. Alongside other threats in the online world, Iran has adopted a cyberattack approach that leaves everyone in America at risk. The only way to stay safe is to ensure that you strengthen online defenses and know how to avoid some of the more obvious pitfalls of lax online security.