Skip Ribbon Commands
Skip to main content

Precautionary Measures to Reduce Your Cyber Risk

20/01/2020


With the recent increase in tension between Iran and western nations, MNP is encouraging vigilance among Canadian businesses and recommend you thoroughly review your current cyber security controls. While our team is not aware of any specific cyber security threat or attack campaign in progress, the potential for one is always present — and given the current climate, even more likely than normal.

Industries that Iranian threat groups have previously targeted or are likely to target in the future include:

  • Manufacturing
  • Oil and gas
  • Public sector and government agencies
  • Post-secondary institutions
  • Research organizations
  • Airlines

Know What to Expect

To reduce your risk exposure and prepare yourself for any possibility, we urge your cyber security teams to review the common tactics, techniques and procedures (TTPs), as documented in the MITRE Corporation’s ATT&CK database.

APT33 — Suspected Iranian threat group that has previously targeted aviation and energy businesses in the U.S., the Middle East and Asia. Read More…

ATP39 — Iranian cyber espionage group that tends to target the telecommunications and travel industries with the specific aim of gaining access to personal identifiable information. Read More…

Charming Kitten — Iranian cyber espionage group that targets academic, human rights and media personalities, specifically focusing on email and Facebook as points of access. Read More…

CopyKittens — Iranian cyber espionage group that has previously targeted governments in the U.S., the Middle East and Europe. Read More…

Immediate Steps You Can Take

Whether or not you believe your organization is an imminent target, take this opportunity to review your processes, controls and procedures and ask some pointed security questions — including:

  1. Review and test your cyber incident response plan
  2. Ensure team members are aware of all cyber security policies and procedures — and feel empowered to report any suspicious activity (e.g. emails, etc.)
  3. Is all your software and firmware up to date?
  4. Have you backed up all sensitive and necessary information to an offline source?
  5. When was the last time you conducted a cyber maturity assessment?

MNP Can Help

You can never be too safe; especially in times of great uncertainty. No matter where you are in Canada, we have a national cyber security team member nearby ready to assist with any questions or concerns you might have.

For more information, contact:

​National
Danny Timmins, CISSP
National, Cyber Security Leader
[email protected]

​B.C.
Peter Guo, CPA, CA, CISA, ABCP, MBA
B.C. Leader, Enterprise Risk Services
[email protected] 

Elizabeth Vannan
B.C. Leader, Technology Solutions
[email protected]
Alberta
Trac Bo, CPA, CA, CISA, CRISC, ABCP, CGEIT
Technology Risk Services Leader
[email protected] 

Saskatchewan
Sean Devin
National Leader, Technology Solutions
[email protected] 

Manitoba
Gustavo Meschler, CISA
Partner, Enterprise Risk Services
[email protected]

Brian Beveridge, CMC
Partner, Technology Consulting Services
[email protected] 
Ontario
Eugene Ng, CISSP, PCI QSA, BCOMM
Eastern Canada Cyber Security Leader
E: [email protected] 

Hash Qureshi, PA, CMA, CRISC, CISA, CISSP, CRMA, P.ENG, MSC
Partner, Enterprise Risk Services
[email protected] 
Quebec
Tom Beaupre, QSA, CISSP, CISA, BS
Quebec Cyber Security Leader
[email protected]