June 26, 2020
Election cybersecurity has become a hot topic amid problems with primary voting and security flaws in online voting.
And election cybersecurity concerns are expected to intensify as we get closer to the 2020 presidential election.
Russia’s attempts to infiltrate vulnerable voter systems, and rising public health concerns about in-person voting highlight the need for a different model that is modernized and secure to address election cybersecurity.
Druva’s W. Curtis Preston
W. Curtis Preston is chief technical evangelist at Druva. He believes an authenticated cloud-based approach may be the best election cybersecurity solution. It would ensure a fair and accurate election without the inevitable election cybersecurity issues like voting malfunction or national security threat, he said.
Voting through the cloud also serves as a way to protect public health and can help citizens dodge the threat of COVID-19 come November, he said.
We spoke with Preston to find out more about election cybersecurity.
Channel Futures: Based on problems that already have occurred, and if any changes aren’t made, is the 2020 election set to be even more problematic? If so, why?
W. Curtis Preston: The big concern is that due to COVID-19, some people might not be able to vote. Democrats are suggesting more mail-in voting and Republicans have security concerns about this. But the reality is that without some major change, voting on election day will be very difficult.
CF: What isn’t being done that should be done to secure the voter process?
WCP: The current status of our election systems do not make use of advancements in other technological fields from the past decade, and still rely on outdated voting machines that are highly susceptible to sophisticated attacks, cyberthreats, and foreign interference. Just a few years ago, the United States became exposed to Russian threats where hackers targeted election systems and voting databases in all 50 state,s and were in a position to delete, tamper with or change voter data. In efforts to combat this, Congress provided states with $425 million in funding for upgrading voting equipment, cybersecurity training and other steps to secure elections. However, cybersecurity experts and officials close to the cause know that this funding is only a just band-aid to a much more complex problem, and won’t be enough to ensure widespread election security in the future. In order to guarantee elections remain cyber resilient from internal and foreign threats, it’s imperative to rethink the way systems are designed and implemented. It is time for officials at the federal and state levels to take action and look towards a different model that embraces modern technology.
CF: How can an authenticated cloud-based approach better secure the voter process?
WCP: Cloud technology is a strong and dependable backbone, upon which any type of trusted system can be built on. The world’s largest enterprises and most security-focused organizations use a public cloud infrastructure to accomplish their computing goals. Major cloud providers even have specific versions of their products that are tailored to the government (e.g. AWS GovCloud). The security practices of these major cloud vendors have been vetted and certified by multiple organizations, leaving little doubt that the back end of these systems are extremely vigilant and secure.
CF: How is voting through the cloud safer?
WCP: In terms of the pandemic, utilizing an error-proof, cloud-based voting system would allow individuals to vote without having to leave their home, which would likely resonate well with many civilians trying to maintain their health and safety during COVID-19. Voting through the cloud offers the utmost security posture and several layers of multifactor authentication. Cloud technology permits voters to authenticate and validate identities by logging into a secure site with a unique username and password combination. Users can then enter a personalized PIN number that is shared prior to the election itself. These added security measures will only make voting through the cloud safer than the traditional forms of voting that are available today.
CF: Does an authenticated cloud-based approach present challenges/opportunities for MSSPs and other cybersecurity providers? If so, can you give some examples?
WCP: It shouldn’t present any more challenges than any of the thousands of other systems they secure on a daily basis. Cloud technology is used…
…to secure the most critical parts of our government infrastructure, and this would require no more or less security than that.
CF: How difficult/costly would switching to an authenticated cloud-based approach be?
WCP: It would require heavy development and testing, including penetration and other attack testing. It would have to be implemented and tested slowly, well in advance of any election cycle. This means, of course, that it isn’t possible to do this before the next election.
CCPA Compliance Deadline Looming
The pandemic has delayed a number of government initiatives. But California’s Attorney General isn’t giving companies any leeway when it comes to complying with the California Consumer Privacy Act (CCPA)
CCPA enforcement starts on July 1. And the California Privacy Rights Act (CPRA) is getting closer to the November 2020 ballot. There are a number of things both businesses and consumers need to consider, even if they aren’t based in California.
IntraEdge’s Dan Clarke
Dan Clarke is president of IntraEdge. It’s the the company behind Truyo, an Intel-backed General Data Protection Regulation (GDPR)-and CCPA-compliant data privacy platform.
Companies that are non-compliant with CCPA can expect the attorney general to issue a 30-day notice to cure, Clarke said. The attorney general has said he is not taking non-compliance lightly, he said.
“In addition, a business could get consumer-oriented complaints via the complaint form, which could lead to potential damage to the brand’s reputation,” he said. “And lastly, the fines can reach upwards of $2,500-$7,500 per incident if intentional.”
It could be too late to become compliant before the deadline, Clarke said. However, that doesn’t mean companies should continue to neglect it, he said.
“Companies should have been compliant since Jan. 1,” he said. “And at a minimum companies should have the proper and visible notice, be able to intake and process privacy rights requests and create evidentiary logs.”
An end-to-end automated solution is crucial to ensure a rapid response and the ability to scale with any privacy needs, Clarke said.
“Organizations should evaluate technology with the ability to track and log requests, reporting the type and number of requests made by each individual for auditing purposes, and streamline identity validation communication with data subjects,” he said.
The CPRA expands on CCPA by creating new privacy rights allowing consumers to stop businesses from using sensitive information. It also extends the exemption of employment data, safeguards the selling of a minor’s data by tripling the fines. And it establishes an enforcement body in the California Privacy Protection Agency.
“Organizations should have CPRA top of mind,” Clarke said. “It is still unclear whether or not it will pass come November, and they should have a pass/no pass strategy in mind.”
Watch Out for Glupteba
One of the most noteworthy trends in cybercrime right now is the commoditization of attacks. That means anything a cybercriminal needs is available at a price.
That includes networks of infected devices that can be harnessed to distribute malicious content. Glupteba, for example, is a backdoor that has evolved into a stealthy and complex malware-distribution network.
This week, SophosLabs published a report that examines the latest tools, techniques and procedures used by Glubteba, particularly its ability to avoid detection and secure persistence. Other key findings from SophosLabs’ research include:
Glupteba infects a computer to deliver additional malware payloads without being readily detected.
One of the most common payloads is a cryptominer. However, once installed in a victim’s network, it can download and execute additional tools to exfiltrate device data, install rootkits and more.
Glupteba’s developers have spent an inordinate amount of time working on features to conceal the bot from detection.
Sophos’ Andrew Brandt
Andrew Brandt is Sophos’ principal researcher. He said the normal, general precautions apply here as much as anywhere else. Don’t run stuff you shouldn’t, keep everything patched and always make sure you have some sort of malware protection on your computer.
“The malware appears to be relatively prolific on illicit download sites,” he said. “We’ve found a lot of samples by hunting through the kinds of places people end up when they’re looking to download pirated software. They’ve managed to bundle themselves into a lot of games, as well as commercial applications like the Adobe creative suite.”
This is a major update to Glupteba since it was first observed three years ago, Brandt said.
“We know they’re interested in using…
…a wide variety of methods to accomplish their goals, and they are capable of leveraging open source and public exploit methods or tools to do what they want, so they don’t have to spend as much time tooling the rest of their attack chain,” he said. “I’d guess their development style is based on pragmatic expediency more than a desire to push the envelope.”
Nucleus Cyber Unleashes Latest NC Protect
Advanced information barriers, security scopes, private channels and guest access controls simplify and enhance out-of-the box security. This prevents data loss, misuse and unauthorized access to, and sharing of business-critical information in Microsoft Teams files and chats.
Nucleus Cyber’s Kurt Mueffelmann
Kurt Mueffelmann is Nucleus Cyber’s CEO. He said many organizations rushed to deploy Microsoft Teams as remote working gripped the nation. And corners were cut when it came to security of the information within Teams, he said.
“Partners are now able to offer customers an advanced information protection solution for new or existing Teams and other Office 365 app deployments without expensive licensing, upgrades or complex rules,” he said. “NC Protect is designed to be deployed and administered in a simpler, easier and more cost-effective manner than native tools. It also allows customers to feel confident that they have appropriate control over the files, chats and channels within each Team site.”
Microsoft Teams has seen explosive growth from 20 million to over 75 million users in the past few months to support remote work. However, a recent survey shows data loss has spiked in the wake of remote work. This stems from downloads of classified company information, and increases in files being shared in chats and messages.
Seventy-four percent of companies surveyed by Gartner plan to permanently shift some of their personnel to remote work. This presents a long-term information security challenge for many organizations.
“NC Protect is built on and leverages existing Microsoft security investments to get advanced information protection without the complex and time-consuming administration experience of native tools,” Mueffelmann said. “It provides partners with the opportunity to more easily and cost effectively ensure a secure Teams deployment, which is a key concern of most companies rolling out the platform.”
Read more about:MSPs
About the Author(s)
You May Also Like