NY Warns Iran May Cyberattack
On Jan. 4, the New York State Department of Financial Services (DFS) said in an industry letter to all regulated entities that there is a “heightened risk of cyberattacks from hackers affiliated with the Iranian government.”
“The Iranian government has vowed to retaliate against the United States for the death of Qassem Soleimani. Given Iranian capabilities and history, U.S. entities should prepare for the possibility of cyberattacks,” the DFS letter states. “DFS therefore strongly recommends that all regulated entities heighten their vigilance against cyber attacks.”
DFS said all regulated entities should be prepared to respond quickly to any suspected cyber incidents. Iranian-sponsored hackers have historically relied primarily on common hacking tactics, such as email phishing, credential stuffing, password spraying, and targeting unpatched devices.
Cyber policies fill in the gaps left by traditional lines, according to AIG Global Head of Cyber Insurance Tracie Grella. “Cyber insurance policies were designed specifically to cover intangible, nonphysical loss caused by a cyber event — loss of data, cyber extortion, loss of business income.” Experts say the threat to small businesses may be even greater than for large corporations.