U.S. — Election Administrators Failed to Implement Phishing Protection: Study


    A majority of election administrators in the US have yet to implement cybersecurity controls designed to provide protection against phishing attacks, a new Area 1 Security report reveals.

    Phishing, a type of cyber-attack where the victim is tricked into performing an action that eventually results in malware infection, data loss, or theft of credentials or money, has reportedly been involved in over ninety percent of data breaches worldwide.

    The U.S. elections have been targeted by phishing as well, with examples including attacks against election-sensitive organizations in 2016 and 2018, and phishing attempts targeting the current 2020 election cycle.

    Looking to evaluate the email protections and controls that election administrators have implemented, Area 1 Security has analyzed 10,000 state and local election administrators’ susceptibility to phishing, and it has discovered that more than half of them use rudimentary or non-standard technologies for phishing protection.

    The study also discovered that roughly a third (28.14%) of election administrators have basic controls to prevent phishing and that less than one-fifth of them (18.61%) use advanced anti-phishing controls.

    According to the report, 5.42% of the election administrators use personal email addresses. Others independently manage their own custom email infrastructure, some using versions of the Exim mail server that are known to have been targeted in cyber-attacks.

    Area 1 Security rates the implemented anti-phishing controls as advanced (when an independent email security service is used on top of cloud email controls), basic (cloud provider’s email controls only), limited (rudimentary cyber-security controls), non-standard (own email control based on open source software), and non-standard personal (use personal email/controls for personal email).

    The rating system only takes into account publicly observable email security controls, but not additional internal controls that improve security but don’t prevent phishing, business email compromise (BEC), or credential harvesting attacks. SPF, DKIM and DMARC policies are not considered either.

    “Having strong DMARC policies ensures that organizations are protecting their brand and domain for outbound emails; but is insufficient and ineffective against inbound phishing attacks. We recommend that all organizations widely adopt and implement DMARC policies as a matter of cyber-security hygiene,” the security firm notes.
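
What separates a strong DMARC policy from a record that merely exists can be checked mechanically. The following is an added example, not code from the report or from Area 1 Security: it grades a DMARC TXT record, assuming "strong" means `p=quarantine` or `p=reject` applied to all mail. The function names, grade labels and sample records are constructed for illustration.

```python
# Assumption (not from the report): "strong" means p=quarantine/reject at pct=100.
def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; return None if it is not DMARC."""
    tags = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        name, value = part.split("=", 1)
        tags.append((name.strip().lower(), value.strip()))
    # RFC 7489: the v tag must come first and its value must be "DMARC1".
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def grade_dmarc(txt):
    """Return 'missing', 'invalid', 'monitor-only', 'partial' or 'enforcing'."""
    if not txt.strip():
        return "missing"
    tags = parse_dmarc(txt)
    if tags is None:
        return "invalid"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        return "invalid"
    if policy == "none":
        return "monitor-only"  # reports only; failing mail is still delivered
    # Partial rollout, or sp=none, leaves some spoofed mail unaffected.
    if pct < 100 or tags.get("sp", policy).lower() == "none":
        return "partial"
    return "enforcing"

# Constructed sample records (example domains, not data from the report).
SAMPLES = {
    "county-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@county-a.example",
    "county-b.example": "v=DMARC1; p=none; rua=mailto:dmarc@county-b.example",
    "county-c.example": "v=DMARC1; p=quarantine; pct=25",
    "county-d.example": "p=reject; v=DMARC1",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(f"{domain:18} {grade_dmarc(record)}")
```

Only the first sample grades as enforcing; the others are monitor-only, partial and invalid (the `v` tag is not first) respectively.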

    In its report, which includes security ratings for election administrators in every U.S. county, Area 1 Security recommends that election administrators stop using Exim, especially in light of recently targeted vulnerabilities, or at least ensure that it’s up to date. It also recommends the use of cloud email infrastructure and refraining from using personal emails for the administration of elections.


    Ionut Arghire is an international correspondent for SecurityWeek.
