Full Report
The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know — and how Tenable can help.

The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security's (DHS) National Terrorism Advisory System (NTAS) bulletin, issued on June 22, 2025, serves as a stark reminder of the volatile environment that organizations and their cyber leaders operate in. It specifically highlights the "heightened threat environment" stemming from U.S. involvement in the ongoing conflict between Israel and Iran, noting the likelihood of cyberattacks from both pro-Iranian hacktivists and state-affiliated actors.

Likewise, U.K. Prime Minister Sir Keir Starmer remarked at a NATO summit this week that the likes of Iran and Russia were carrying out cyber attacks "on a regular basis" and the U.K. needs to be prepared for them.

In fact, according to a report by ABC News, hackers backing Tehran have already targeted U.S. banks, defense contractors and oil industry companies since the military bombings, although no widespread disruptions have been caused yet. According to the article, “Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks and oil companies following the U.S. strikes over the weekend. The hackers detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups' activity.”

This isn't just a geopolitical issue; it's a direct and immediate challenge to every organization, public and private, operating within the U.S. and beyond. As the DHS bulletin explicitly states, these actors "routinely target poorly secured U.S. networks and Internet-connected devices for disruptive cyber attacks." This isn't about if you'll be targeted, but when and, more importantly, how prepared you are to weather the storm.

## The new normal: Geopolitical conflict and cyber reckoning

For too long, cybersecurity has often been viewed as a reactive discipline: Exposure Whac-a-Mole®. But in an era where geopolitical tensions translate directly into digital aggression, a reactive stance is a recipe for disaster. We're seeing critical infrastructure, often including operational technology (OT) environments, in the crosshairs. These are the systems that power our cities, deliver our water and fuel our economies. A disruption here can have catastrophic, real-world consequences.

Learn how you can use Tenable products to shore up your defenses. Read the blog Frequently Asked Questions About Iranian Cyber Operations.

Consider the recent history of Iranian-linked cyber activity, which includes breaches of U.S. water infrastructure and attempts to disrupt critical sectors. These aren't abstract threats. They’re documented and impactful. The DHS bulletin, in addition to insights from the Tenable Research Special Operations team, underscores that the risk extends beyond traditional IT networks, emphasizing the need for comprehensive security across all interconnected systems.

## Mitigation recommendations

From a practical perspective in this heightened threat environment, we recommend the following immediate steps to strengthen your cyber defenses:

- Use strong passwords and enforce a strong password policy
- Change default passwords, especially on OT hardware
- Scan for and patch vulnerabilities in assets exposed to the internet
- Enable multi-factor authentication (MFA)
- Identify and prioritize your most valuable assets for remediation
- Develop a remediation plan and continue to test and improve it

## Securing the foundation: A call to action for OT environments

The specific mention of critical infrastructure in the DHS bulletin is a call to action for every U.S. organization that even touches operational technology (OT) systems. These environments, often characterized by legacy equipment and unique protocols, present distinct cybersecurity challenges. Tenable's expertise in OT security is more vital than ever and gives organizations the immediate ability to:

- **Automate asset discovery and mapping:** Gain a complete, up-to-date inventory of all your OT assets, from programmable logic controllers (PLCs) and remote terminal units (RTUs) to human-machine interfaces (HMIs), ensuring no critical component is left unmonitored.
- **Detect and mitigate OT-specific threats:** Leverage advanced detection engines tailored to industrial control systems to identify anomalous network behavior, enforce security policies, and track changes that could signal a breach in progress.
- **Contextualize OT vulnerabilities:** Understand the specific risks posed by vulnerabilities within your OT environment, taking into account firmware versions, proprietary research and the potential impact on operational continuity.

## Embracing exposure management

Beyond practicing strong cyber hygiene across IT and OT infrastructure, what more can organizations do to protect themselves? The answer lies in shifting their mindset from simply managing vulnerabilities to proactively managing exposure. Vulnerability management is crucial, but it's only one piece of the puzzle. Exposure management, however, provides a holistic view of your entire attack surface, allowing you to understand and prioritize risk in a way that traditional approaches simply cannot. This only becomes more important in the age of accelerated, AI-led attacks, which require incredible speed to outmaneuver.

At Tenable, we believe that understanding your exposure is the only way to truly understand and reduce your cyber risk. Our Tenable One Exposure Management Platform empowers organizations to:

- **See everything:** You can't protect what you can't see. Our exposure management platform provides comprehensive visibility across your entire modern attack surface, scanning everything from IT assets to cloud resources, containers, web applications, identity systems and, critically, your OT environments. This unified view is paramount when adversaries are looking for the weakest link, regardless of whether it resides in your IT or OT infrastructure.
- **Anticipate and prioritize:** The sheer volume of vulnerabilities can be overwhelming. Tenable's platform goes beyond just identifying vulnerabilities. We leverage advanced analytics, including our industry-leading Vulnerability Priority Rating (VPR), to help you understand the true risk each vulnerability poses to your unique environment. This means you can focus your limited resources on addressing the exposures that matter most, the ones most likely to be exploited by threat actors like those highlighted in the DHS bulletin. This includes pinpointing weaknesses in your OT systems that could be leveraged for disruptive attacks.
- **Communicate cyber risk effectively:** Security is no longer just an IT concern. It's also a business imperative. The Tenable One platform enables you to translate technical jargon into clear, actionable insights that resonate with leadership. This allows for informed decision-making and ensures that cybersecurity is integrated into the broader business strategy, rather than operating in a silo.

For details about the specific tools, tactics and techniques employed by Iranian nation-state actors and hacktivists, and how you can use Tenable products to shore up your defenses, read the blog Frequently Asked Questions About Iranian Cyber Operations.

## Conclusion

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. It's no longer enough to react to threats; organizations need to anticipate them, understand their exposure and prioritize their defenses where they matter most. The DHS bulletin is a critical warning. Let it be the catalyst for your organization to embrace exposure management and fortify your digital infrastructure, from the data center to the factory floor. The time for action is now.
Analysis Summary
# Best Practices: Enhancing Cyber Resilience During Heightened Geopolitical Threat Landscapes
## Overview
These practices focus on immediate and long-term strategies required to fortify digital infrastructure against heightened cyber risks, particularly those amplified by military conflicts and nation-state/hacktivist activity. The core theme is shifting from reactive security to proactive **exposure management** and embedding security into overall business strategy.
## Key Recommendations
### Immediate Actions
1. **Review DHS Bulletins:** Immediately review and act on security guidance issued by the Department of Homeland Security (DHS), such as alerts regarding specific threat actors (e.g., Iranian groups).
2. **Enhance Threat Intelligence Consumption:** Immediately prioritize and integrate timely threat intelligence feeds concerning nation-state actors and hacktivists relevant to your sector and geography.
3. **Conduct Urgent Asset Inventory Verification:** Verify the current, accurate inventory of all critical and internet-facing assets (including OT/IoT) to understand the precise attack surface.
### Short-term Improvements (1-3 months)
1. **Implement Exposure Prioritization:** Utilize tools and methodologies to identify and prioritize security vulnerabilities based on exploitability, asset criticality, and potential business impact (i.e., focusing on likely attacks, not just all vulnerabilities).
2. **Integrate Third-Party Data:** Integrate data from existing third-party security tools into a centralized management platform to gain a unified view of the exposure landscape.
3. **Strengthen Access Controls:** Review and enforce strict identity and access management (IAM) policies, potentially implementing Just-in-Time (JIT) access for sensitive systems, especially in the cloud environment.
4. **Patch Critical Vulnerabilities:** Aggressively prioritize and deploy patches for vulnerabilities known to be actively exploited, or those that present the highest risk based on current threat actor targeting.
### Long-term Strategy (3+ months)
1. **Adopt Holistic Exposure Management:** Transition security operations to an exposure management framework that provides continuous visibility across the entire attack surface—including cloud, traditional IT, and operational technology (OT).
2. **Ensure Business-Informed Security Decisions:** Implement mechanisms to translate technical security findings (vulnerabilities, risk scores) into clear, actionable business insights that resonate with leadership and support optimal business strategy.
3. **Integrate OT Security:** Develop specific strategies and dedicated solutions to extend security visibility and management to Operational Technology (OT) environments, connecting factory floors to the broader cyber strategy.
4. **Develop Emergency Response Playbooks:** Formalize and test emergency response and recovery playbooks specifically tailored for high-impact, state-sponsored attack scenarios.
## Implementation Guidance
### For Small Organizations
- **Focus on Fundamentals:** Prioritize the core hygiene steps: comprehensive patching, strong multi-factor authentication (MFA) everywhere, and aggressive reduction of internet-facing assets that are not strictly necessary.
- **Leverage Consolidated Platforms:** Utilize unified security platforms that integrate vulnerability, cloud, and identity exposure data to avoid managing disparate, siloed tools.
### For Medium Organizations
- **Establish Data Ingestion:** Begin integrating data from existing point solutions (e.g., cloud scanners, patching tools) into a central security data lake or exposure management platform for better cross-domain correlation.
- **Begin Risk Communication:** Start developing standardized reporting that translates security metrics into business risk terms for executive review meetings.
### For Large Enterprises
- **Mandate Exposure Management Deployment:** Fully deploy an enterprise-wide exposure management platform capable of ingesting data from all security domains (IT, Cloud, OT, Identity).
- **Cross-Functional Alignment:** Ensure security strategy review includes representation from IT, OT leadership, and business unit heads to prevent security operating in a silo.
- **Advanced Analytics:** Implement GenAI or advanced analytics capabilities to aid dynamic threat investigation and predictive risk assessment based on historical and current threat actor techniques.
## Configuration Examples
*Note: The article focuses on strategic adoption rather than specific command-line configurations. The following examples detail practical configurations aligned with the adopted principles:*
| Security Domain | Configuration Best Practice | Rationale |
| :--- | :--- | :--- |
| **Cloud Access** | Implement Just-in-Time (JIT) access for all privileged cloud roles. | Limits standing privileges, reducing the window of opportunity for compromise, especially relevant against sophisticated actors. |
| **Vulnerability Management** | Configure scanners to prioritize vulnerabilities based on known external exploitation (e.g., CISA KEV, threat intelligence feeds). | Ensures that patching efforts focus on risks actively leveraged by threat actors. |
| **Asset Inventory** | Deploy sensors/connectors for continuous monitoring of both IT and OT assets. | Necessary prerequisite for calculating accurate exposure across the entire digital footprint. |
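The mitigation list in the Full Report (change default passwords, enable MFA, scan and patch internet-exposed assets, prioritize your most valuable assets, build a remediation plan) and the **Vulnerability Management** row above (prioritize by known external exploitation) both come down to the same operation: ranking assets by exposure and turning the gaps into an ordered work list. The script below is an added example written for this page, not Tenable code and not a description of how VPR is computed. It assumes an asset inventory already exists and represents it as constructed in-memory records; the known-exploited set stands in for a feed with the shape of CISA KEV, and every CVE id and host name in it is a placeholder.

```python
"""Exposure prioritisation for a remediation plan (added example, not Tenable code).

Each asset record carries the facts the mitigation steps depend on: whether it is
reachable from the internet, how critical it is to the business, whether vendor
default credentials are still in place, whether MFA is enforced, and which CVEs
are open on it. Findings on a known-exploited list are weighted first, then
internet exposure, then asset criticality and hygiene gaps. All CVE ids, host
names and scores below are constructed placeholders, not real entries.
"""
from dataclasses import dataclass, field

# Constructed stand-in for a known-exploited feed such as CISA KEV (placeholder ids).
KNOWN_EXPLOITED = {"CVE-0000-0001", "CVE-0000-0004"}


@dataclass
class Finding:
    cve: str
    cvss: float  # CVSS base score, 0.0 to 10.0


@dataclass
class Asset:
    name: str
    kind: str               # "IT" or "OT"
    internet_exposed: bool
    criticality: int        # 1 (low) .. 5 (crown jewel)
    default_creds: bool     # vendor default password still set
    mfa: bool               # MFA enforced on interactive logons
    findings: list = field(default_factory=list)


def finding_weight(f: Finding) -> float:
    """Known-exploited CVEs jump ahead of anything merely high-scoring."""
    return f.cvss + (10.0 if f.cve in KNOWN_EXPLOITED else 0.0)


def exposure_score(asset: Asset) -> float:
    """Combine worst finding, reachability, business value and hygiene gaps.

    The weights are deliberately simple; it is the resulting order, not the
    absolute number, that drives the remediation plan.
    """
    worst = max((finding_weight(f) for f in asset.findings), default=0.0)
    score = worst * (2.0 if asset.internet_exposed else 1.0)  # internet-facing counts double
    score += 2.0 * asset.criticality                           # most valuable assets first
    if asset.default_creds:
        score += 10.0 if asset.kind == "OT" else 6.0           # default creds on OT weigh most
    if not asset.mfa and asset.internet_exposed:
        score += 4.0                                           # exposed logon without MFA
    return score


def recommended_actions(asset: Asset) -> list:
    """Map the asset's gaps onto the mitigation steps, worst finding first."""
    actions = []
    if asset.default_creds:
        actions.append("change default password")
    if not asset.mfa:
        actions.append("enable MFA")
    for f in sorted(asset.findings, key=finding_weight, reverse=True):
        tag = " (known exploited)" if f.cve in KNOWN_EXPLOITED else ""
        actions.append(f"patch {f.cve}{tag}")
    return actions


def remediation_plan(assets: list) -> list:
    """Return (name, score, actions) tuples, highest exposure first."""
    ranked = sorted(assets, key=exposure_score, reverse=True)
    return [(a.name, exposure_score(a), recommended_actions(a)) for a in ranked]


# Constructed inventory: three IT hosts and one PLC.
INVENTORY = [
    Asset("vpn-gw", "IT", True, 4, False, False,
          [Finding("CVE-0000-0001", 9.8), Finding("CVE-0000-0002", 5.3)]),
    Asset("plc-line-3", "OT", False, 5, True, False,
          [Finding("CVE-0000-0003", 7.5)]),
    Asset("intranet-wiki", "IT", False, 2, False, True,
          [Finding("CVE-0000-0004", 6.1)]),
    Asset("dev-laptop", "IT", False, 1, False, True, []),
]

if __name__ == "__main__":
    for name, score, actions in remediation_plan(INVENTORY):
        print(f"{name:14s} {score:5.1f}  {'; '.join(actions)}")
```

Two design choices are worth noting. The known-exploited bonus is larger than any CVSS delta, so a medium-severity CVE that is actually being exploited (the intranet wiki) outranks an unexploited high-severity one on an isolated host, which is the point of the KEV-driven prioritization in the table. Default credentials on the PLC are scored as a finding in their own right rather than left out because no scanner plugin reported them, so the OT device lands near the top of the plan even though it is not internet-facing.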
## Compliance Alignment
The practices outlined align strongly with established frameworks focused on risk prioritization and comprehensive visibility:
* **NIST Cybersecurity Framework (CSF):** Focuses heavily on **Identify** (Asset Management, Risk Assessment) and **Protect** (Access Control, Maintenance). The call for proactive adoption fits the framework's goal of continuous improvement.
* **ISO/IEC 27001:** Mandates a systematic approach to managing sensitive company information, which necessitates the comprehensive asset visibility advocated by exposure management.
* **Center for Internet Security (CIS) Controls:** Recommendations map directly to the critical controls relating to Inventory and Control of Hardware/Software Assets, Continuous Vulnerability Management, and Account Management.
## Common Pitfalls to Avoid
- **Reacting Only to New Alerts:** Avoid the trap of addressing only the vulnerabilities flagged *today*; always correlate new threats against the existing, known attack surface.
- **Operating in Security Silos:** Do not allow IT, Cloud, and OT security teams to operate independently without consolidated visibility and shared prioritization metrics.
- **Failing to Translate Risk:** Presenting leadership with raw vulnerability counts or technical scores without translating them into quantifiable business risk or financial impact.
- **Ignoring OT:** Treating Operational Technology (OT) as an isolated security concern, especially when nation-state actors often target this sector for disruptive effects.
## Resources
* **Exposure Management Framework Guidance:** Leverage concepts from platforms that unify data from IT, Cloud, and OT sensors for holistic risk assessment. (Referenced Product Category: Tenable One Exposure Management Platform)
* **DHS/CISA Alerts:** Establish subscription to relevant DHS Cybersecurity and Infrastructure Security Agency (CISA) bulletins for direct threat warnings, particularly those addressing sector-specific threats.
* **Cyber Risk Communication Training:** Focus on tools and methodologies that help security professionals translate technical data into business-relevant narratives for executive decision-making.