Viewpoints from Gregg Davis

On June 22, 2025, the U.S. Department of Homeland Security (DHS) issued a National Terrorism Advisory Bulletin warning of a heightened threat environment across the United States due to the direct involvement of the United States in the ongoing conflict between Israel and Iran. According to the alert, “low-level cyber-attacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks.” The advisory was released shortly before a ceasefire was announced between Israel and Iran. Although the ceasefire has resulted in a reduction in military hostilities, the potential for retaliatory cyber activity against the United States remains. The DHS advisory will remain in effect until September 22, 2025, unless it is modified or withdrawn.

While Russia, China, Iran and North Korea have remained the top originators of state-sponsored cyber-attacks, United States involvement in the Israel-Iran conflict is cause for concern. While conventional weapons may not be able to reach the United States, cyber-attacks have no distance limitations. The United States and its allies have emphasized the importance of remaining vigilant as geopolitical tensions rise. With the potential for retaliatory cyber activity from state actors or affiliated groups, organizations must bolster their defenses to mitigate risks. Now more than ever, every business—regardless of size—needs to be equipped to navigate the complexities of modern cyber warfare. Shields up!

Strengthen Basic Cyber Hygiene
  • Conduct regular vulnerability scans and penetration testing (consider ethical hackers/bug hunters).
  • Apply necessary patching and ensure endpoint security tools are up to date.
  • Implement or reconfirm Multifactor Authentication (MFA).
  • Check backups and test your restoration process.

Harden Cloud Infrastructure
  • Secure your cloud environments by enforcing least privilege access and strong identity management.
  • Enable logging and monitoring for all cloud resources.
  • Ensure data is encrypted at rest and in transit.
  • Regularly review and update cloud security configurations and permissions.

Identify and Assess Supply Chain Risks
  • Monitor for collateral damage from cyberattacks, especially those affecting global shipping and logistics.
  • Evaluate connectivity from high-risk geographies (such as Ukraine, Iran, North Korea and Russia).
  • Consider implementing temporary IP geo-blocking as needed.

Evaluate Incident Response and Business Continuity Plans
  • Conduct regular drills and ensure all crisis response team members know their roles (and designate alternates).
  • Maintain relationships with legal/breach counsel and cybersecurity incident response firms.

Leverage Risk Transfer Mechanisms
  • Review your cyber insurance policy and other applicable insurance products.
  • Examine contracts with vendors, business partners, and third parties.
  • Ensure hard-copy versions of critical insurance documents are accessible.

Develop a Culture of Communication and Training
  • Participate in information-sharing groups within your industry.
  • Connect with regional CISA representatives and local FBI field offices.
  • Conduct holistic tabletop exercises and increase the frequency and complexity of phishing and employee training exercises.

 

Our Leaders

Gregg Davis, CIPT

Managing Principal, Technical Advisory Solutions (TAS) Leader – Professional, Executive & Cyber Solutions