Beware the Iranian cyber response

Matt Horan of C3IA Solutions

A leading cyber-security expert is warning businesses to be on their guard following Iran’s threat to take revenge for the assassination of General Qassim Soleimani.

The high profile Iranian general was taken out in a drone attack by the US – and businesses across the West could now be targeted in the anticipated reprisals.

Matt Horan, security director of C3IA Solutions, said the rogue state’s tactics might include a scatter-gun approach with cyber-attacks.

In its attempt to disrupt the West’s advanced economies, the state could potentially target businesses in any sector.

The attacks could take many forms and the thinking is that hitting supply chains will harm a country’s economy.

And in turn that will affect the public’s confidence in its government, so the more firms it hits, the more effective its strategy.

C3IA Solutions, based in Poole, Dorset, which was one of the first companies to be certified by the government’s National Cyber Security Centre (NCSC), was founded by former members of the Royal Signals.

It also employs a number of ex-military personnel who have worked in the intelligence and cyber operational environments, giving C3IA Solutions a rare understanding of the issues involved.

Matt said: “Iran has already sworn to retaliate following the assassination of General Qassim Soleimani.

“With the UK being a close ally of the US and having partnered with them on operations in the Middle East it places us in their sights.

“Iran’s priority through cyber-attacks will be to harm our Critical National Infrastructure (CNI) – things such as water, power, and transport.

“It will then target FTSE 100 companies and the manufacturing sector, but we should not forget that some of the most successful state sponsored cyber-attacks have affected all manner of companies, of any size.

“Iran knows that businesses and supply chains are critical to keeping the UK functioning.

“In reaction to threats such as this, the UK has for a number of years been encouraging Small and Medium Enterprises (SMEs) to take ownership of their own cyber defence.

“All businesses can implement simple and basic steps that can mitigate against 80 per cent of common cyber-attacks.

“The NCSC – the Government’s technical authority for cyber defence – recommends that businesses adopt practices to reduce their attack profiles and protect their critical systems and services.

“The ‘10 Steps to Cyber Security’, ‘Cyber Essentials’ and ‘Cyber Essentials-Plus’ schemes provide some simple and practicable advice and guidance that all organisations can follow to protect their IT systems.

“They can be implemented reasonably quickly and at a low cost.

“When in place they will provide a more robust cyber defence and make a business less attractive to internet-based attackers and less susceptible to the impacts of malicious software.

“Companies delivering these services should have the appropriate certifications and qualifications under the NCSC Certified Consultancy partnership programme.”