The war in Iran is reaching cyberspace - here’s how to prepare
How enterprises should prepare for potential cyber warfare
Since day one, the war between the United States and Iran has played out in cyberspace. Now, we’re seeing cyber warfare reaching U.S. healthcare companies, banks and other enterprises.
As in other recent geopolitical conflicts, cyber-attacks in this war are playing a role far beyond passive espionage.
Organizations like RAND say both military and civilian organizations are susceptible to its damaging effects.
But it’s critical to know that the biggest vulnerability usually isn’t the sophistication of attackers. Instead, it’s the lack of cybersecurity readiness among the organizations they target.
Co-founder of TryHackMe.
The enterprise execution gap
Playbooks and plans may help us feel prepared, but where many organizations go wrong is assuming this kind of paperwork equates to true preparedness.
To respond effectively to a real attack, there’s a choreography that has to happen in cross-departmental coordination, high-stakes decision-making and leadership communications. Only in practicing the actual execution can organizations truly prepare, and attackers are counting on you not to.
To put it another way, if you're not already testing your teams in simulated cyber warfare scenarios, they're not going to be ready when the real attack strikes.
Geopolitically motivated Advanced Persistent Threats (APTs) often entail a long-term attack where intruders tied to a hostile nation gain unauthorized, undetected access to a network to steal sensitive data or sabotage systems. Unlike typical hit-and-run attacks, APTs are highly targeted, lasting months or years to achieve specific objectives like espionage or intellectual property theft.
For example, in December 2023 a cyberattack on Ukraine’s largest telecom provider, Kyivstar, knocked out mobile and internet services for millions of users throughout the country. It was later revealed by investigators that the attackers had gained access to the network months before the official disruption – dating back to May 2023.
That day it was Kyivstar, but any number of other companies could have fallen victim to this patient, calculated attack.
When what appears to be a minor anomaly could actually be the beginnings of a sophisticated nation-state attack, there’s zero room for hesitation. Teams need to develop a muscle memory that equips them to respond efficiently.
The strongest security asset: humans
Everyone’s thinking it: but what about AI? Can AI help protect against cyber warfare?
Sure. But your best bets are still the humans running it.
AI tools can bring anomalies to light faster and analyze vast amounts of activity, but at the end of the day, good security is as much about people as it is about technology. The strongest security teams aren’t just technically adept, they’re effective communicators.
Even in nation-state-driven APTs, many attacks begin with a basic security control failing or being bypassed – such as someone clicking a rogue link or downloading a compromised file.
Simply getting the entirety of an enterprise organization to reliably cooperate with security protocols and priorities offers a huge blanket of protection, and it’s an incredibly human task. AI can help security teams operate more efficiently and allow humans to be more proactive, but it’s no silver bullet against persistent threats.
Consider a global financial services company operating during these rising tensions with Iran. The firm has strong cybersecurity policies on paper and an array of state-of-the-art AI security tools, but doesn’t regularly coordinate and make decisions alongside the wider organization.
A SOC analyst notices several unusual login attempts and anomalous activity from an employee workstation. The activity is flagged and eventually confirmed as a breach. However, since there are no clear communication protocols between security teams and the broader organization, such as leadership and the teams responsible for the affected systems, response decisions stall.
Decisions on whether to isolate the system, hold an update or notify impacted teams bounce back and forth between the SOC and leadership without clear direction.
By the time containment steps are approved and communicated enterprise wide, attackers have already moved deeper into the network and accessed personal data.
In the post-incident review, the problem isn’t a lack of security tools or policies. It’s that the organization has a disconnection between its defenders and those they are protecting. Strong, effective cyber defense depends just as much on strong communication and decision making across the business as a whole as it does on the technical detection.
Creating security certainty in an uncertain geopolitical environment
International tensions will continue to drive cyber activity, whether organizations are prepared or not.
The companies that recover fastest treat cyber readiness as a continuous feedback loop between the tech and its people. They optimize their response through constant practice exercises, identify weaknesses early, and refine how their teams coordinate, communicate, and escalate potential threats across the business.
By repeating the simulation cycle frequently, surfacing weaknesses during exercises and converting findings into improvements such as updated playbooks, refined detection rules and better communication protocols, teams build continuous maturity rather than siloed preparedness for specific scenarios.
Enterprises cannot control global politics, but they can control their readiness. Those that survive a cyber-attack are the ones three steps ahead: they practice responding before the crisis ever arrives rather than scrambling to contain damage once it has.
In an era where geopolitical events can quickly translate into cyber incidents, preparation isn’t just about tools, it’s about how well people perform when an incident unfolds.