https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Presidential Seal

Scoring the Democratic Presidential Candidates on Cybersecurity

  • Written by Pam Baker
  • March 27, 2020
CISO Paul Gagliardi scores Democratic candidates’ campaigns and their third-party vendors on cybersecurity.

For months now, U.S. lawmakers have heard warnings about Russia interfering with this year’s elections. But the threat extends beyond voting machines and voter data to the campaigns in both parties. MSSPs increasingly play larger roles in cybersecurity for candidates and the voting process. A new report offers insights into how well MSSPs and others are performing on the candidate side.

President Trump is the incumbent and largely covered by national security agencies. But the Democratic candidates are pretty much on their own when it comes to cybersecurity, at least for the moment. SecurityScorecard scored their efforts in their latest report.

“The entire team entered the exercise thinking we would unfortunately find some significant holes in the candidate’s security,” said Paul Gagliardi, CISO and head of threat intelligence at SecurityScorecard.

In a previous report on national and foreign political parties, the SecurityScorecard team discovered major flaws and issues in many of them. Gagliardi said the team “expected that to extend” to this year’s crop of Democratic candidates’ campaigns as well.

“Fortunately for American voters, that was not the case and we were pleasantly surprised that there were no low-hanging giant flaws we could find across the campaigns,” he said.

SecurityScorecard's Paul Gagliardi

SecurityScorecard’s Paul Gagliardi

“We should have expected this, but it was surprising to see modern campaigns choosing a subset of vendors and third parties to do all the heavy lifting. We’ve historically found large flaws in the political parties within software solutions that were seemingly developed in-house — for example, solutions to capture voter information,” Gagliardi added.

MSSP Insider talked with Gagliardi about the report findings and what they might mean in light of foreign interference in U.S. elections.

Channel Futures’ MSSP Insider: What are the highlights in the SecurityScorecard you released earlier this month?

Paul Gagliardi: We graded all candidates’ campaigns at a rating of “B” or above, whereas our last report in 2019 found that the DNC overall had a “C” grade. This turnaround shows an increased focus on cybersecurity measures and candidate willingness to invest in good cyber hygiene.

Each campaign utilized third parties for critical technical functions. These third parties also exhibited clean external facing hygiene, although there is a risk of them becoming a target for sophisticated actors.

However, there were problematic findings with nonsanctioned websites and applications. For example, we discovered a cross-site scripting (XSS) attack among a third-party community event management application supporting Andrew Yang, who has since dropped out of the race.

CFMI: How did the key Democratic candidates and the third-party vendors they use to support their online presence score?

PG: Of the two remaining candidates, Biden scored a 97 and Sanders scored an 89. While this is good overall, we want to see any presidential hopeful taking cybersecurity as seriously as possible, particularly given recent threats from nation-states and increased vulnerabilities as workforces move fully remote.

We looked into a number of third-party vendors, including:

  • services and third parties such as Google, NGP, and Mailchimp, which candidates permitted to send email on their behalf.
  • third parties such as Cloudflare, Cloudfront, and Fastly, which provide technical, defensive, and infrastructure services to host the campaign’s websites and platforms.
  • other commonly used third parties, including ActBlue, Pantheon, Mobilize America and ActionKit.

The campaigns outsourced critical functions to expert third parties, which mirrors …

  • Page 1
  • Page 2
Tags: MSPs Business of Security MSSP Insider Network

Related


  • Spam
    Kaspersky Research: Russia Now No. 1 Global Source of Spam
    The most frequent targets of phishing attacks were online stores.
  • Cybersecurity Roundup
    Law Firm Cyberattack Exposes Tens of Thousands of Patient Records
    Cybercriminals prefer to target entities like law firms because of the enterprise data they possess.
  • Cloud security
    IT Facing Major Security Issues, But Cloud Security May Be Most Immense
    A number of reports point to security problems within client environments, but cloud could be the biggest.
  • Threats
    Despite SIEM Software Adoption, Threat Coverage Comes Up Short
    Enterprise SIEMs are unprepared for 84% of certain tactics and techniques.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Blame IT Pros for Data Privacy Failures?
  • MSSPs, Beware: Threat Analysis Group Warns of North Korean Social Engineering
  • Financial Sector Cyberattacks Rising with Bad Actors Raking in the Dough
  • Untangle Research: Breach Headlines to Prompt Increased Cybersecurity Spending

Galleries

View all

Threat Protection Vendors: Why MSSPs Have to Ramp Up Efforts Right Now

February 23, 2021

Industry Perspectives

View all

SASE: The Key to Mitigating Business Transformation Risk

February 22, 2021

Public Sector IT Funding Outlook for 2021–and What It Means for Our Reseller Partners

February 18, 2021

MSPs: Grow the Business with Marketing (While Focusing on What You Do Best)

February 17, 2021

Webinars

View all

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

In Case of Emergency: The Importance of Proactive Critical Event Management

February 23, 2021
  • 1

White Papers

View all

Kaspersky Endpoint Detection and Response Optimum

February 19, 2021

Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue

January 26, 2021

Why Subscription Business Model

January 15, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@AteraCloud receives $25 million investment to help more #MSPs, IT pros. dlvr.it/RtPbBG https://t.co/UxHqhrUKgx

February 24, 2021
ChannelFutures

.@Infoblox rolls out new #Cloud Specialization program to increase partners' #SaaS sales. dlvr.it/RtPb7f https://t.co/CmZTwYiv1u

February 24, 2021
ChannelFutures

RT @Channel_Expo: ⏱️ Time is ticking to save on your pass to #CPVirtual next week...View all pass options and secure your virtual seat by F…

February 24, 2021
ChannelFutures

The new @Commvault #EMEA channel exec will focus attention on alliances, cloud and simplifying and expanding partne… twitter.com/i/web/status/1…

February 24, 2021
ChannelFutures

#NYC #MSP @Electric_AI receives $40 million in C-Series investment from VC firm @GreenspringVC.… twitter.com/i/web/status/1…

February 24, 2021
ChannelFutures

.@rev_io_hq says the #backoffice grows in importance as more people work from home. dlvr.it/RtNLjd https://t.co/YZEVnm3KVk

February 24, 2021
ChannelFutures

.@KaseyaCorp acquires @rocketcyber, beefs up #cybersecurity for MSPs. dlvr.it/RtLQQ7 https://t.co/GXkDVhoNw5

February 23, 2021
ChannelFutures

Continuing #digitaltransformation for partners helps unlock #aaS and sales, says @GeorgeHope216.… twitter.com/i/web/status/1…

February 23, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X