Boards Warned on Increased Middle East Cyber Risk

Law firm Gilbert & Tobin has issued sage advice for Boards and senior management regarding the heightened cyber security risks from the Middle East conflict. 

Materially Increased Risk 

Gilbert & Tobin say the escalating armed conflict in the Middle East has “materially increased cyber risk for Australian organisations”.  S&P Global Ratings recently observed that the war and broader geopolitical tensions have driven a significant increase in state-sponsored cyberattacks.   

Common targets are critical infrastructure, financial services, government and the private sector. The attacks typically attempt to dislocate essential services, disrupt supply chains and destabilise economies. 

Reports from cyber security specialists indicate an increase in phishing campaigns, ransomware-style attacks, data exfiltration and malware deployment targeting energy systems, financial institutions and government networks. Critically, supply chain links mean organisations well outside the immediate conflict zone, including in Australia and New Zealand, face indirect but material risk.  

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has also been actively issuing alerts concerning the exploitation of network infrastructure by sophisticated threat actors, including state-sponsored groups. 

This is not a hypothetical risk. Modern conflicts routinely extend into cyberspace. For affected organisations, the consequences can include mandatory regulatory reporting obligations, enforcement actions, economic and reputational harm and litigation. 

Actions You Should Take 

Gilbert & Tobin recommend the following immediate steps: 

1. Board acknowledgement and oversight Boards should formally acknowledge the heightened external cyber threat environment at their next meeting. Directors should require the Chief Information Technology Officer and Chief Information Security Officer to review their organisation's current exposure to the external threat landscape and report back to the board on assessed risk and actions being taken. The reporting should address the adequacy of existing security controls, any gaps identified and a timeline for remediation. Active board engagement on cyber risk is increasingly expected by regulators and is consistent with good corporate governance. 

2. Proactive threat intelligence and risk posture review CITOs and CISOs should proactively review threat intelligence feeds from the ACSC, industry information-sharing bodies and trusted commercial threat intelligence providers. This includes monitoring for indicators of compromise associated with state-sponsored and hacktivist groups linked to the conflict, reviewing the organisation's risk posture against current attack vectors (including spear-phishing, ransomware and exploitation of network edge devices) and ensuring that detection and monitoring capabilities are calibrated to the heightened threat level.  Organisations should ensure they are subscribed to ACSC alert service and are acting promptly on advisories. Organisations using a Managed Services Provider should engage with them to understand how they can support this review and uplift. 

3. Cyber insurance policy review Organisations should urgently review their cyber insurance policies for exclusions relating to war, armed conflict, or nation-state actors. In the current environment, where the lines between criminal cybercrime and state-sponsored operations are increasingly blurred, there is a real risk that insurers may seek to rely on these exclusions to deny or limit claims.  

4. Incident response plan testing Organisations should test their cyber incident response plans now. This includes conducting tabletop exercises that simulate scenarios relevant to the current threat environment, such as a ransomware attack attributed to a state-linked actor, or a supply chain compromise originating from a conflict-affected region. Organisations should proactively identify key response contacts, including forensic vendors, external legal counsel, insurers and relevant regulatory notification contacts and ensure those details are current and accessible. 

   
   

5. Supply chain and third-party risk assessment Organisations should review their supply chain and third-party dependencies for exposure to the conflict and associated cyber threats. Threat actors are known to exploit interconnections between organisations.  Compromised suppliers and service providers can have cascading effects. Your review should prioritise third parties with operations in, or connections to, the affected region, as well as critical technology and infrastructure providers. 

Local Support 

Generic Systems Australia is always available to help Australian and New Zealand organisations enhance their cyber security through the world’s leading Managed File Transfer solution, GoAnywhere MFT. 

If we can help you consider how MFT can affordably bolster your cyber security in these troubled times, please get in touch.