The Director’s Cut: Cloud Disruption as Iran Retaliates

Rob Sloan

Contributor

Zscaler

Mar 6, 2026

Boards are planning for cyber retaliation, but conflict can disrupt cloud services even without a hack. Also, agentic AI expands supply chain blast radius, while insiders monetize access and attackers scale high-impact operations faster and cheaper.

Cloud Disruption as Iran Retaliates

After U.S.-Israeli military action in Iran, security teams braced for a surge in high-impact cyberattacks. Instead, much of the activity reported so far appears fragmented: low-level denial of service attacks, opportunistic compromises, and attempted disruption that is noisy but not strategically decisive.

The more consequential development is a shift from purely digital retaliation to physical interference with digital infrastructure. Several drone strikes damaged AWS data centers in the U.A.E. and Bahrain, triggering power disruption, fires and water damage, and prompting AWS to advise some customers to relocate workloads to other regions. For directors, it’s a reminder that cloud availability can be disrupted by regional conflict, even when cyberattacks don’t materialize at scale.

This reframes oversight from “Are we being hacked?” to “How could we be disrupted?”

Regional conflict can degrade connectivity, energy supply, data center operations, and third-party service delivery, creating IT outages and business interruption without a breach. Even organizations far from the region may carry hidden exposure through cloud regions, telecom routing, managed service providers, or outsourced operations.

Boards should ensure management has mapped these dependencies, stress-tested resilience assumptions, and defined clear decision rights for workload relocation, continuity measures, and communications if disruptions occur with little warning.

Questions Directors Should Ask Management:

  • Which third parties in (or dependent on) the Middle East support our operations, and how are we validating their resilience assumptions (power, facilities, connectivity, staffing)?
  • How do our cyber insurance and business interruption expectations hold up if disruption is caused by conflict-related outages rather than a confirmed cyber incident?
  • If the conflict persists, what proactive steps are we taking now to reduce continuity risk for operations in (or dependent on) the Middle East?

Agentic AI Will Make Supply Chain Risk Explosive

Infosecurity Magazine reported on two critical flaws in n8n, a widely used automation tool that helps companies connect applications and build AI-enabled workflows. The weaknesses could have allowed a legitimate user to gain far broader access than intended and extract sensitive “access keys” stored in the platform, such as the credentials that let systems talk to cloud services, databases, and AI providers. While fixes were released quickly, a second flaw that bypassed the first fix was found within 24 hours, underscoring how volatile security can be in fast-growing AI tool ecosystems.

Boards should view this as a preview of what’s coming as agentic AI scales: thousands of AI agents operating 24/7, accessing data and initiating actions across the business and its suppliers. Recent research from Zscaler found 75% of companies have deployed or are testing agentic AI, yet about half lack governance guardrails. Further, 81% still rely on legacy architectures and nearly two-thirds say infrastructure complexity impedes response. In that environment, a single supplier weakness can quickly become a widespread business disruption. A zero trust approach that explicitly limits what agents can access and which systems they can interact with becomes a core containment strategy.

Question Directors Should Ask Management:

  • If one AI agent, credential, or supplier account is compromised, what prevents that from cascading across our systems? How do we know it works?

AI Lowers the Barrier to High-Impact Attacks

Researchers uncovered an attack in which a hacker used an AI chatbot to plan and execute intrusions against multiple Mexican government organizations, resulting in the theft of a large volume of sensitive data. The key takeaway is not the specific targets; it’s how the work got done. Instead of needing deep technical expertise, the attacker used AI to identify weaknesses, generate step-by-step instructions and scripts, and troubleshoot problems along the way. With cheap, widely available tools and a layer of distance between the attacker and the technical details, AI can reduce cost, effort, and personal risk while increasing the speed and scale of harm.

For boards, this is a reminder that modern attacks will increasingly be AI-assisted and fast-moving, compressing the time defenders have to detect and respond. Organizations need a modern architecture that strictly limits access and contains blast radius when accounts or systems are misused. They also need to fight AI with AI: automated detection and response to spot abnormal behavior, credential misuse, and rapid lateral movement faster than humans can keep up.

Question Directors Should Ask Management:

  • As attackers use AI to accelerate intrusions, how are we strengthening zero trust containment and deploying AI-assisted detection/response so we can stop attacks before they spread?

Insider Risk: When “Trusted Access” Becomes a National Security Exposure

A senior executive at a U.S. defense contractor was sentenced to prison after admitting he stole and sold highly sensitive hacking tools to a Russian exploit broker in exchange for cryptocurrency payments. Prosecutors said the tools could have enabled access to millions of computers and devices worldwide. The case is a stark reminder that some of the most damaging cyber incidents don’t start with an external hack; they start with a trusted insider who already has legitimate access, knows where the most valuable assets are, and can remove them quietly.

For boards, the governance lesson is that information has value, and insiders—for a variety of reasons—can misuse legitimate access to steal it, whether the asset is a sophisticated hacking tool, proprietary IP, or customer data. Managing that risk requires more than background checks and policies; it means designing operations so that no single individual can access, copy, or move high-impact tools or data without strong controls, monitoring, and accountability.

Question Directors Should Ask Management:

  • What controls ensure unauthorized insiders cannot access, copy, or transfer our most sensitive data without detection? How are we testing that those controls work in practice?

 

***

Zscaler is a proud partner of NACD’s Northern California chapter. We are here as a resource for directors to answer questions about cybersecurity or AI risks, and are happy to arrange dedicated board briefings. Please email Rob Sloan ([email protected]), VP Cybersecurity Advocacy at Zscaler, to learn more or to get a free hardcopy version of Cybersecurity: Seven Steps for Boards of Directors.
