US-Iran conflict: What Western businesses should know about their cyber risk

Finally, companies should strengthen identity security. Iranian actors have frequently used phishing campaigns, stolen credentials and password reuse to gain access to corporate systems. “Using strong, unique passwords, limiting access privileges and monitoring employee identities online can go a long way,” Chan Tsin said. Multi-factor authentication (MFA) remains one of the most effective safeguards.