Being vigilant at home: Attacks on Iran may cause a rise in cyber attacks

Following the start of "Operation Epic Fury," the United States joint military operation with Israel against Iran, the UK advised organizations to be wary of cyberattacks from Iranian-related groups. Many in the cybersecurity industry foresee increased cyberattacks from Iranian-affiliated groups that deviate from more common data exfiltration attacks, with such attacks possibly focusing on disruption, denial, or destruction. Iranian-affiliated groups may work to deface websites and conduct distributed denial-of-service attacks. Other attacks may be more sophisticated, beginning with credential harvesting, exploiting known weaknesses, and spear phishing with the purpose of developing into intelligence gathering and then disruption, such as encrypting or deleting data. If it sounds familiar, it is. In June of 2025, the United States conducted Operation Midnight Hammer, hitting three Iranian nuclear facilities. A few days following this attack, four different government agencies (the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, and the National Security Agency) issued a joint statement advising groups to be alert for Iranian-related cyberattacks. However, with the current offensive that could extend for weeks, months or longer, the threat of cyberattacks is greatly increased as Iran attempts to leverage any available options for retaliation.

In the current threat landscape, it is imperative to be vigilant and take the proper precautions. Implementing measures to harden networks, such as updating software, patching known vulnerabilities, changing passwords periodically and enforcing multifactor authentication, is critical. Organizations should also improve monitoring and threat detection capabilities within their environments. An organization that routinely handles highly sensitive information, in particular, should reassess the software and devices it utilizes to determine whether they are still “up to snuff” and may even want to consider consulting with technology experts on the current security posture and potential improvements. Security is always a going concern for organizations, but all the more so given the heightened threat landscape.

Just as important as preventing a cyberattack is knowing how to respond to one, and respond quickly. Incident response plans are helpful tools for organizations and their team members, outlining how to respond to a cyber incident and the contact information for a variety of critical parties, such as cyber insurance carriers, data privacy counsel, and forensics. They may also provide guidance for staff by delineating different levels of severity and the steps to take at each level. A formalized incident response plan can greatly improve response time, lessen financial burden, ensure experts are involved immediately and reduce anxiety and fatigue among the staff responsible for doing the on-the-ground recovery work and reporting. Data privacy counsel can assist an organization in drafting an incident response plan from scratch or reviewing and revising an existing one.

Once an incident response plan is in place, tabletop exercises are a great way to practice responding to a security incident in a controlled environment, leading to increased familiarity and improved response time if an actual incident arises. These can be facilitated by data privacy counsel as well as insurance brokers and/or technology firms. These exercises allow staff to practice a cyber disaster scenario that speaks to that particular organization's risks, resources and operational needs. Such practice can mean the difference between a successful recovery from a cyber incident and suffering undue delays while the team attempts to learn the plan as they deal with a crisis.

Another consideration is limiting the risk footprint of an organization. While this falls outside the technical preparations for a cyber incident, it can be critical for limiting an organization’s potential exposure to legal obligations to notify business partners, clients and individuals. An organization should periodically revisit its data retention policy and audit its data in order to determine how much sensitive data exists, where that data may live in the environment, and whether it is actually needed for business purposes. Staying on top of its data can make the difference between an organization having to notify a handful of individuals versus thousands, for example where employee data has been kept going back decades.

While threats are an ever-present concern for organizations, world developments, like the recent attacks on Iran, are a reminder that those threats are real, always evolving and may be increased due to efforts to retaliate against the U.S. off the battlefield.

When in doubt, businesses can consult with trusted external legal counsel for guidance on ensuring proper steps are taken in preparation for responding to a cyberattack. If you have any questions regarding your company’s position and potential for improvement, reach out to McDonald Hopkins’ national Data Privacy and Cybersecurity practice group.
