Email security

How to run a cybersecurity company during the current crisis in the Middle East

Share
Israeli soldiers ride on a transport vehicle near Re’im, Israel, Tuesday, Oct. 10, 2023. Today’s columnist, Eyal Benishti of IRONSCALES, offers a three-step approach for cybersecurity companies as they navigate their efforts in the coming days. (MARCUS YAM / LOS ANGELES TIMES via Getty Images)

The world woke up on October 7th to the unthinkable. Yet another war broke out in the Middle East, bringing with it more senseless devastation, trauma, and loss of life.

As an Israeli-founded company with more than 60 employees based in Israel, we are deeply saddened by the events currently unfolding in Israel, and extend as much prayer, care, and support as possible to each and every IRONSCALES employee, customer, and partner in the region.

The magnitude of suffering and devastation seen in this conflict is unlike anything in recent memory, and we would like to emphasize that we stand firmly with the nation of Israel and its citizens, both at home and abroad. Our primary concern during these challenging times is the safety, well-being, and protection of our employees and other stakeholders. Many have already reached out to check in on our team members and offer their support, which is a testament to the quality and character of our wonderful community. Here my thoughts on how we need to proceed:

Lead with compassion in times of crisis

During challenging times like these, I feel that it’s vitally important to frequently touch base with all our global teams and ensure honest dialogue and lines of communication remain open across the company. Currently, our global teams are banding together to close gaps in coverage and ensure business continues to run as usual, so that our Israeli team members have the time and space they need to focus on the safety and wellbeing of themselves and their loved ones.

It’s essential that leaders lead with compassion first. Everyone has been affected by this tragedy in different ways, so there’s no single, one-size-fits-all action or statement that will address all needs and concerns of the entire team. That’s why communication is so important. When leading a team through a crisis, there are few things more powerful than a receptive ear and an open heart.

Remain vigilant in the face of inevitable opportunism

It’s also important to never let your guard down in the midst of a crisis. Whenever disaster strikes, bad actors will almost certainly follow. And sadly, malicious actors have already begun efforts to exploit the tragedy in Israel for personal gain. In fact, IRONSCALES received a phishing attempt that involved hackers posing as allies who expressed sympathy during the conflict, purporting to offer resources that instead contained a malicious link. If threat actors are levying these kinds of attacks against cybersecurity firms, it’s certain they are targeting a wide range of organizations.

At the same time, state-sponsored actors have already targeted The Jerusalem Post with multiple cyberattacks that caused the site to crash, leaving their readers without access to potentially vital information during a time of widespread confusion and fear. Meanwhile, Security Affairs has reported that Gaza-linked hackers and pro-Russian groups are actively targeting Israel’s private energy, defense, and telecommunications sectors, under a sprawling campaign being tracked as Storm-1133.

Finally, it’s also important to remember that malicious actors often use tragedies such as this to exploit the charitable initiatives that inevitably spring up in response. So, while I applaud and encourage any effort to offer support, people must be vigilant about how, where, and to whom to send donations. While many humanitarian organizations do set up online funds like Crypto Aid Israel, such efforts are often targeted by threat actors looking to exploit the cause by altering URLs and rerouting donations to their own accounts — just as we’ve seen happen during the Ukraine-Russia conflict.

Cybercriminals are quick to leverage periods of disorder and unrest to launch phishing campaigns for a number of reasons. First of all, widespread news coverage and social media attention breeds familiarity with the subject, making it top of mind and lending a sense of urgency to their communications. Second, because people become invested in the ongoing events and are eager to stay abreast, they are more likely to open an email or click a link related to the event. Most important, tragedies present opportunities for cybercriminals because, at the end of the day, the world is filled with good people. So, when tragedy strikes, there’s a flood of caring people looking for ways to help, which is fertile ground for scams.

Be your own best defense against cyber threats

In our efforts to support those affected by these events, it’s important to remain vigilant towards one’s own security. While living through unprecedented times, sometimes the best defense can be adherence to the tried and true, everyday best practices of communications security — including steps such as verifying display names and email addresses, comparing the sender's domain name with that of the company, and exercising caution when faced with unusual or urgent requests.

If there’s any doubt regarding the message's authenticity, don't click on any links or call any numbers provided in the email. Instead, forward the email to the IT-Security team for analysis. Even if an email appears to be from a known company or individual, trust your instincts. Reach out to the sender through a separate, reliable contact method to verify the message.

Remember, prioritizing caution and safety is always preferable to regretting the consequences. If you suspect a phishing attempt, report it to the IT-Security administrator. This protects you and the organization, and safeguards colleagues who might have received a similar email.

It’s often at humanity’s lowest points and darkest hours that we are reminded of the power and importance of standing together. When the bad actors of the world seek to sow division and incite despair, we must place our faith in the strength of our own solidarity — coming together to care for the victims of this current tragedy, and do everything we possibly can to prevent the next.

Eyal Benishti, chief executive officer, IRONSCALES

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.