Tensions are rising between the United States, Israel, and Iran, sparking worries about possible cyber attacks on Western businesses. Experts say the biggest threat might not come directly from Iran’s own hackers but from allied groups and hackers taking advantage of the situation.
Matthieu Chan Tsin, a senior leader at cyber insurance provider Cowbell, explained that recent events inside Iran are changing where these cyber threats are likely to come from. Traditionally, most attacks have been linked to groups within Iran tied to the Islamic Revolutionary Guard Corps. But right now, cyber operations directly from Iran seem to be limited.
Three main reasons may be holding Iran back. First, Iranian cyber teams have been focusing more on domestic issues due to ongoing protests. They’re busy keeping an eye on things at home rather than launching attacks abroad. Second, an Israeli strike on a Tehran compound on March 4, which included cyber warfare facilities, might have damaged Iran’s cyber command. Finally, internet access inside Iran has plummeted to about 1% of normal levels since late February. It’s unclear whether this drop is due to government restrictions or outside cyber attacks.
Because of these factors, any increase in Iran-related cyber activity is more likely to come from proxy groups or countries aligned with Iran rather than from Iran itself. Meanwhile, chatter online linked to Iranian hackers has grown since late February, with some groups posting warnings or claiming attacks on U.S. and Israeli targets. However, experts warn that these claims are often unverified or exaggerated.
Iran has a history of launching cyber attacks targeting important infrastructure like utilities, government agencies, and healthcare companies. These operations can include denial-of-service attacks, ransomware, credential theft, and destructive malware designed to wipe out systems.
Cyber insurers and response teams are keeping a close eye on the situation but have not yet seen a clear rise in insurance claims linked to these tensions. Investigations into cyber attacks take time, so any real impact might not be visible for weeks.
Given the situation, businesses should focus on strengthening their basic cyber defenses. Chan Tsin recommends quickly patching software and updating devices like routers and firewalls. Companies should also keep critical systems, especially those managing physical infrastructure, off the public internet and protected behind firewalls or on segmented networks.
Strengthening identity security is important, too. Iranian hackers often use simple tactics like phishing or stealing passwords to get in. Using strong, unique passwords, limiting who has access, monitoring employee accounts, and enabling multi-factor authentication can help block these attempts.
While the full picture is still unfolding, the best approach for companies is to prepare for the possibility of attacks and focus on solid, practical security measures. The current situation may develop further, but being ready is the smartest move right now.