Cybersecurity experts are warning that the risk of an Iranian state-sponsored cyberattack against the U.S. remains high. For the last week, there has been concerns Iran might retaliate against the U.S through cyber measures. While both sides seem to now be actively working towards lowering tensions, security experts still believe individuals, as well as the cyber industry as a whole, needs to be prepared for the worst.

The Iranian Major General in the Islamic Revolutionary Guard Corps, Qasem Soleimani, was killed in Iran on January 3rd, 2020 by a U.S. airstrike ordered by President Trump. In retaliation, Iran responded with a physical attack on places of U.S. military interest within Iraq. However, the more pressing concern for many has been that Iran might opt to accompany the physical response with a cyberattack. Especially considering cyberattacks are historically the nation’s preferred response when dealing with the U.S.

While tensions do appear to be subsiding between Iran and the U.S., industry experts discussing the situation during the WSJ Pro Cybersecurity Symposium in San Diego this week warned the threat should not be considered over. The experts are particularly concerned that Iran might still retaliate further. Adding that if Iran does take further aim at the U.S., then the response “is likely to include a cyber component” of some form.

More Than Just An Immediate Cyber Threat Warning From Iran

When it comes to certain countries, Iran included, the threat of a cyberattack is more of a concern than a physical one even though the human ramifications might not be as immediate. The reason for this is the long-term and widespread effects that might result from a cyberattack, as the human cost of these would continue to escalate beyond the initial attack. Especially following a highly targeted, sophisticated and successful attack on nationwide systems, including critical infrastructures. Attacks like these against the U.S. are often more appealing than physical responses as they provide some degree of plausible deniability, and therefore act as a way of responding without outright declaring war in the traditional sense. Evidence of this was seen in the initial response by Iran as while it targeted U.S. bases, it strategically did so when it could increase the likelihood of less U.S. casualties. Again, a way to attack without inciting further direct responses by the U.S.

Even without an actual attack taking place, the experts are warning the fear of an attack might be enough on its own to cause damage to a degree. The warning is that many companies are now feeling in a state of limbo with no clear direction on what they should be doing to protect themselves. Further adding to the fear, and the need to prepare, the experts suggest insurers might not be there if and when a company needs them following a non-physical attack. For example, while there are plenty of cyber-related insurance plans out there to choose from, the fear is some insurers may turn to protection under the war exclusion (or hostile acts) clause. In principle, these acts protect insurers from having to pay out when one sovereign nation engages in a war-like action against another. The cyberattack caveat is similar to what homeowners face when dealing with insurance companies over acts of God exclusions.

More: Pentagon To Soldiers: Don’t Use Consumer DNA Test Kits

Source: WSJ