You did not sign up for this, but you are finding yourself in the trenches of a cyber war which is slowly but surely moving from a cold to a hot stage. The latest development is that the cyber warfare threat rises as Iran and China agree on a 'united front' against the U.S.
Iran’s ICT Minister Mohammad Javad Azari Jahromi said last week, "to confront U.S. unilateralism and hegemony in the field of IT." For confront read "offensive actions," and for IT read "cyber."
Jahromi followed this with similar comments in Beijing a few days later, when he met his opposite number Miao Wei. The ministers discussed "common challenges" in the face of "U.S. unilateralism," of which Jahromi said, “we are facing similar challenges, so we need to find common solutions."
Zak Doffman, contributor at Forbes said: "The Iranian minister accused the U.S. of "spreading its hegemony on new strategic technologies such as artificial intelligence," and criticized Washington's actions against Huawei and ZTE.
Last month, the Cybersecurity and Infrastructure Security Agency (CISA) within the DHS issued a blanket warning about a"recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies... using destructive ‘wiper’ attacks, looking to do much more than just steal data and money."
CISA warned that "these efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network."
Also last month, the National Security Agency confirmed that "there have been serious issues with malicious Iranian cyber actions in the past. In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place.""
I suggest you send a link to your C-Level execs to this article in Forbes that gives more background. It certainly illustrates the need for more InfoSec budget: