It’s 2020, which means it’s time for another Presidential election in the U.S. The big question is, who will win? But an even bigger question is, will we be able to trust the outcome? There are evil forces out there who’d love nothing better than to manipulate the outcome of the election for their own purposes. And what way are they most likely to do that? Through phishing, of course.
It’s not like elections haven’t been targeted by phishing attacks in the past. It’s happened in 2016 and 2018. So, it would be surprising if it didn’t happen this time around.
Election administrators know all this, but what have they done about it? As things turn out, not much. According to an article on Security Week, “Looking to evaluate the email protections and controls that election administrators have implemented, Area 1 Security has analyzed 10,000 state and local election administrators’ susceptibility to phishing, and it has discovered that more than half of them use rudimentary or non-standard technologies for phishing protection.” In other words, less than half have done anything about it.
Other interesting results from the study include “less than one-fifth of them (18.61%) use advanced anti-phishing controls [and] 5.42% of the election administrators use personal email addresses. Others independently manage their own custom email infrastructure, some using versions of the Exim mail server that are known to have been targeted in cyber-attacks.”
How could attackers use phishing to sabotage the election? Ransomware. From Security Week, “Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal.”
Things are trending in a bad direction. “Ransomware attacks targeting state and local governments have been on the rise, with cyber criminals seeking quick money by seizing data and holding it hostage until they get paid. The fear is that such attacks could affect voting systems directly or even indirectly, by infecting broader government networks that include electoral databases. Even if a ransomware attack fails to disrupt elections, it could nonetheless rattle confidence in the vote.”
Imagine if some portion of voters never get their vote counted. Of what use is the election? This is the challenge the election administrators wrestle with as the election looms near. What will they do about it? What can they do about it? One of the things they can do is to implement inexpensive, cloud-based phishing protection software for everybody even remotely involved in the election.
Phishing Protection technology like that available from Duocircle requires no purchase of hardware or software and no maintenance. Requiring no cash outlay to deploy the protection is important for a budget-minded election organization. It also sets up in about 10 minutes, which is important for these IT-limited organizations. And the price? Just pennies per user per month. Seems like a pretty small price to pay to preserve democracy.
Here’s hoping the election organizations do the right thing and deploy technology like Phishing Protection with real-time link scanning to avoid ransomware and ensure the reliability of the election outcome. They can even try it free for 60 days.