Financial services firms and critical infrastructure operators in Jersey are being urged to strengthen their cyber defences as tensions in the Middle East raise the risk of indirect attacks.
The Jersey Cyber Security Centre (JCSC) said there has been no increase in direct cyber activity in the islands since the outbreak of conflict involving Iran.
The National Cyber Security Centre in the UK said: “There is likely no current significant change in the direct cyber threat from Iran to the UK, however, due to the fast-evolving nature of the conflict, this assessment may be subject to change.”
But the NCSC warned that there is almost certainly a heightened risk of indirect cyber threat for organisations with a presence or supply chain in the Middle East.
In Jersey, financial services businesses trading with partners or customers in the region, along with operators of critical infrastructure such as energy and telecoms, could become targets for both state-backed and activist hackers.
The concern is not just direct attacks, but disruption through global networks. Cyber and physical attacks have already hit data centres, telecoms providers and cloud services in the Middle East.
While the direct impact on the Channel Islands is expected to be limited, any disruption to suppliers or partners could have knock-on effects locally.
There are also growing pressures on supply chains, with conflict affecting key resources, potentially driving up the cost, and reducing the availability of computer equipment.
The JCSC also highlighted the evolving tactics of Iranian cyber-actors, describing them as “very capable”. With internet access heavily restricted inside Iran, much of the country’s online activity is now routed through other nations, making attacks harder to trace.
This means traditional measures, such as blocking traffic from Iranian sources, are unlikely to work. Instead, organisations are being urged to monitor for unusual behaviour within their networks.
Businesses are advised to review their cybersecurity controls, brief staff on risks, and test incident response plans.
The JCSC added that the true scale of cyber activity linked to the conflict may only become clear once internet restrictions in Iran are lifted.