Organisations urged to “take action” by NCSC in wake of Middle East conflict

As a result of the ongoing conflict in the Middle East, there’s likely no current significant change in the direct cyber threat from Iran to the UK. However, due to the fast-evolving nature of the conflict, this assessment from the NCSC may well be subject to change. 

There’s almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence – or supply chains – in the Middle East. Iranian state and Iran-linked cyber actors almost certainly maintain at least some capability to conduct cyber activity.

Responding to the risk 

Organisations should prepare to respond to the risk of collateral impacts in the UK from Iran-linked hacktivists by reading previously issued advisories on DDoS attacks, phishing activity and ICS targeting. 

For organisations exposed to higher risk, for example those with offices or supply chains in the region, they should adjust their cyber security posture accordingly. Best Practice is to observe the NCSC’s actions to take when threat is heightened guidance and consider proportionate action to increase monitoring and review the external attack surface.  

The NCSC continues to encourage UK organisations to sign up to its Early Warning service in order to receive timely notifications of security issues affecting their networks.

Critical National Infrastructure 

In addition, given that this is an evolving situation, Critical National Infrastructure (CNI) organisations may wish to pre-emptively review the NCSC’s recently published guidance on actions to take now to prepare CNI organisations for severe cyber threat. 

For physical and personnel security risks, it’s best to refer to the guidance issued by the National Protective Security Authority. In particular, following the sabotage guidance will help in protecting sites from physical threats.

*Further information is available online at www.ncsc.gov.uk