Recent warnings have suggested that the likelihood of a destructive cyberattack from Iran targeting the United States has increased significantly.

“Iranian threat actors have clearly demonstrated the reality and limitations of their cyber capabilities with their recent attacks on Israel,” said John Hultquist, senior analyst for Google’s Threat Intelligence Group.

According to Hulsquist, Iran has been targeting Israel, particularly since October 7, by attempting to paralyze operational technology (OT) systems and destroy data.

On the other hand, the actual scale of damage was often inflated or mixed with distorted information, and was diagnosed as having a strong psychological effect.

If companies overreact to these reports, they risk being manipulated by attackers.

Nevertheless, the possibility of damage at the individual company level cannot be ignored.

“You should apply the same level of security procedures you would for ransomware to ensure network visibility and thoroughly operate a system for vulnerability scanning, patch management, and periodic backups,” Hulsquist advised.

In particular, it is important to strengthen internal monitoring and incident response plans (IRPs).

Iran is already actively conducting cyberespionage activities against the United States.

Through this, policy makers and diplomatic and security personnel are monitored and strategic intelligence is collected. Both personal and organizational accounts can be targets of social engineering attacks, so it is important to strengthen email security, implement multi-factor authentication (MFA), and conduct regular security awareness training.

There is also a risk that personal information may be collected indirectly through data leaks from companies in various industries, such as telecommunications companies, airlines, and hotels.

“Companies and individuals should share threat intelligence and conduct regular mock drills to improve their attack response capabilities,” Hulsquist emphasized.