Cybersecurity Roundup: Tightening Up Election Security
Election security offers big opportunities for MSSPs.
What better time to discuss election security, or the lack thereof, than President’s Day?
Problems with the Iowa Democratic Caucus and a bipartisan Senate Intelligence report confirming Russian interference in the 2016 election are raising concerns about the security and accuracy of upcoming primary and general elections.
So what needs to be done by who to secure upcoming elections? To find out more, we spoke with David Mason, director of channel partner success at SiteLock.
Channel Futures: What aren’t those holding elections doing what they should be doing to ensure optimum cybersecurity? And what aren’t candidates doing that they should be doing?
David Mason: Those who are holding elections are running on a tight budget, which limits the amount of resources they can allocate toward increasing cybersecurity measures. Hackers are becoming increasingly sophisticated, so those holding elections need to do more to ensure optimum cybersecurity to protect voter information and guarantee accurate election results. This can be achieved by choosing an MSSP that offers a wide range of security solutions and the right level of expertise to help build out a package tailored to the customers budget and specific security needs.
SiteLock’s David Mason
When it comes to candidates, they should not only partner with security experts to ensure their campaign is protected from hackers, but also ensure that cybersecurity is a part of their platform. Once in office, these elected officials can make sure we implement the necessary policies to increase innovation and funding to guarantee future elections are not affected by malicious actors. One of the best ways a candidate can achieve this is by partnering with a trusted MSSP that can not only audit existing security practices, but also provide clear guidance on how to build a comprehensive and bulletproof security strategy.
CF: How can MSSPs and other cybersecurity providers help ensure secure elections?
DM: To ensure elections remain safe, MSSPs and other cybersecurity providers must first ensure they have a … comprehensive portfolio of security solutions to meet the specific security needs of these clients including endpoint, website and email security solutions at a variety of price points. If they have these solutions available, they could consider volunteering these services or offering them at a discounted rate that election organizers can afford. By expanding these offerings to election officials and polling places, MSSPs and cybersecurity providers can ensure safe elections while further reinforcing their reputation in the community as a trusted security advisor and resource.
CF: Is the shortage of cybersecurity talent impacting elections? If so, what can be done about that?
DM: The shortage of cybersecurity talent is impacting the entire industry and is sure to affect elections. Because cybersecurity professionals are high in demand, they can be selective about what companies and projects they work for. If elections are unable to offer these professionals the compensation they require, it will be difficult to …
… attract adequate talent. To help fill any gaps, consider leveraging an MSSP as an alternative solution. An MSSP will already have this talent in place and will also offer robust security solutions and training.
If budget adjustments are out of the cards, election officials should invest in cybersecurity awareness training so that their current team members can do their part to keep the elections secure.
CF: How can election officials identify threats and utilize top talent to protect the polls?
DM: Since most election officials don’t come from a cybersecurity background, it is important that they are proactive about planning and partner with [an] MSSP that offers a wide range of cybersecurity solutions as well as proven expertise to provide guidance and recommendations on how to best protect themselves. Election organizers should also provide polling officials with the necessary cybersecurity training to ensure they are prepared in the event of an attempted interference. As demonstrated by the failed Iowa Caucus app, technology can make elections more difficult if officials are not properly trained.
Automation also can help ensure safe elections, according to Terry Simpson, technical evangelist at Nintex. One of the primary benefits of automation is predictable and consistent execution of processes, he said.
“Most process automation involves configuration with rules-based logic that reduces risk of human error and interference, and increases processing capacity,” he said. “A solid automation platform, combined with proper governance and testing, will result in safer election processes.”
Automation solutions are available to anyone and everyone these days, Witt said. Ease of use and rapid implementation can allow campaigns and election managers to automate key processes quickly.
“Use cases might include online forms for rapid, accurate information-gathering, workflows to manage communications and document reviews;,and analytics dashboards to visualize key progress metrics,” he said. “Platforms like this make it possible for non-technical citizen developers to ensure the integrity and accuracy of election-related processes.”
Survey Shows Many Customers Ditch Companies After a Cyber Breach
A new survey by Security.org shows a significant portion of customers may never do business with a company after it’s been breached.
More than 1,000 people were surveyed, including more than 300 data breach victims, and among the findings:
Nearly one in four people stop doing business with companies that have been hacked, and more than two in three people trust a company less after a data breach.
More than one in five is unwilling to give their financial information to a company that’s been hacked.
Ninety-two percent of people agree that companies are financially liable to their customers after a breach.
Less than one in 10 people will give a company their financial information within a month after they’ve been breached.
Ryan McGonagill, Security.org’s CMO, tells us that once a data breach has occurred, the best possible course of action is transparency. Companies need to be able to explain to customers that they’ve identified how the data breach occurred and present a …
… clear, focused course of action detailing how it’s being remedied, how it won’t happen again, and what those affected can do to protect themselves from potential damages, he said.
Security.org’s Ryan McGonagill
“Depending on the nature of the breach and the information taken, it may also be necessary to make good-faith financial restitution or offer a complimentary service – such as we’ve seen with free credit monitoring from Equifax,” he said.
Cybersecurity providers are an integral component of companies’ efforts to repair customer perception, and they’ll most certainly be included in the dialogue with customers about how future data breaches won’t happen, McGonagill said. Depending on the provider, they may also be involved with the initial forensic fact-finding about how the data breach occurred in the first place. A company’s partnership with a knowledgeable cybersecurity provider can go a long way towards restoring customers’ perceptions after a breach, he said.
In the current climate, a case can be made that not being breached may actually be a competitive advantage, McGonagill said.