“The IT infrastructure of state governments should be of critical importance to securing election integrity,” said Alex Heid, chief research and development officer at SecurityScorecard. “This is especially true in ‘battleground states’ where the Department of Homeland Security, political parties, campaigns, and state government officials should enforce vigilance through continuously monitoring state voter registration networks and web applications for the purpose of mitigating incoming attacks from malicious actors. The digital storage and transmission of voter registration and voter tally data needs to remain flawlessly intact. Some states have been doing well regarding their overall cybersecurity posture, but the vast majority have major improvements to make.”
Potential Consequences of Lower Scores
- Targeted phishing/malware delivery via e-mail and other mediums, potentially as a means to both infect networks and spread misinformation
- Malicious actors often sell access to organizations they have successfully infected
- Attacks via third-party vendors – many states use the same vendors, so access into one could mean access to all. This is the top cybersecurity concern for political campaigns
- Voter registration databases could be impacted
- In the worst-case scenario, attackers could remove voter registrations or change voter precinct information or make crucial systems entirely unavailable on Election Day through ransomware
“These poor scores have consequences that go beyond elections; the findings show chronic underinvestment in IT by state governments,” said Rob Knake, the former director for cybersecurity policy at the White House in the Obama Administration. “For instance, combatting COVID-19 requires the federal government to rely on the apparatus of the states. It suggests the need for a massive influx of funds as part of any future stimulus to refresh state IT systems to not only ensure safe and secure elections, but save more lives.”
How States and Territories Can Improve
First and foremost, election security is a significant priority for SecurityScorecard as it is aligned with the company’s mission to make the world a safer place. Any state that wishes to receive a free version of its Scorecard may contact email@example.com and will promptly receive a complimentary version of the company’s product expanded beyond what is otherwise publicly offered.
“SecurityScorecard takes election security very seriously and we are here to help. While this report shines a light on some of the gaps in state security, there are paths to remediation,” said Sachin Bansal, general counsel at SecurityScorecard. “We already offer our solution at no charge to all federal campaigns and parties, and the same offer now applies to any state and territory. We’re on the same side of the fight against malicious actors who threaten the safety and security of our national cyber infrastructures.”
A set of best practices for states includes:
- Create dedicated voter and election-specific websites under the domains of the official state domain, rather than using alternative domain names which can be subjected to typosquatting
- Have an IT team specifically tasked and accountable for bolstering voter and election website cybersecurity: defined as confidentiality, integrity, and availability of all processed information
- States should establish clear lines of authority for updating the information on these sites that includes the ‘two-person’ rule — no single individual should be able to update information without a second person authorizing it
- States and counties should continuously monitor the cybersecurity exposure of all assets associated with election systems, and ensure that vendors supplying equipment and services to the election process undergo stringent processes
Methodology and the Meaning of Scores and Breach Likelihood
From September to early October 2020, SecurityScorecard evaluated and scored each state based on findings across 10 categories: network security, DNS health, patching cadence, endpoint security, IP reputation, application security, cubit score, hacker chatter, information leaks, and social engineering. Technical findings, methodology and an explanation of the score meanings and breach likelihood stats can be found in this fact sheet. More information on scoring methodology is explained in full on the SecurityScorecard Trust Portal.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
View original content to download multimedia: http://www.prnewswire.com/news-releases/securityscorecard-reveals-75-of-us-states-and-territories-have-poor-overall-cybersecurity-leading-up-to-election-301152928.html
- ^ report (c212.net)
- ^ “State of the States” infographic report (c212.net)
- ^ SecurityScorecard (c212.net)
- ^ firstname.lastname@example.org (apnews.com)
- ^ this fact sheet (c212.net)
- ^ SecurityScorecard Trust Portal (c212.net)
- ^ can be found here (c212.net)
- ^ . (c212.net)
- ^ Instant SecurityScorecard (c212.net)
- ^ LinkedIn (c212.net)
- ^ http://www.prnewswire.com/news-releases/securityscorecard-reveals-75-of-us-states-and-territories-have-poor-overall-cybersecurity-leading-up-to-election-301152928.html (www.prnewswire.com)
Source URL: Read More
The public content above was dynamically discovered – by graded relevancy to this site’s keyword domain name. Such discovery was by systematic attempts to filter for “Creative Commons“ re-use licensing and/or by Press Release distributions. “Source URL” states the content’s owner and/or publisher. When possible, this site references the content above to generate its value-add, the dynamic sentimental analysis below, which allows us to research global sentiments across a multitude of topics related to this site’s specific keyword domain name. Additionally, when possible, this site references the content above to provide on-demand (multilingual) translations and/or to power its “Read Article to Me” feature, which reads the content aloud to visitors. Where applicable, this site also auto-generates a “References” section, which appends the content above by listing all mentioned links. Views expressed in the content above are solely those of the author(s). We do not endorse, offer to sell, promote, recommend, or, otherwise, make any statement about the content above. We reference the content above for your “reading” entertainment purposes only. Review “DMCA & Terms”, at the bottom of this site, for terms of your access and use as well as for applicable DMCA take-down request.
Acquire this Domain
You can acquire this site’s domain name! We have nurtured its online marketing value by systematically curating this site by the domain’s relevant keywords. Explore our content network – you can advertise on each or rent vs. buy the domain. Buy@TLDtraders.com | Skype: TLDtraders | +1 (475) BUY-NAME (289 – 6263). Thousands search by this site’s exact keyword domain name! Most are sent here because search engines often love the keyword. This domain can be your 24/7 lead generator! If you own it, you could capture a large amount of online traffic for your niche. Stop wasting money on ads. Instead, buy this domain to gain a long-term marketing asset. If you can’t afford to buy then you can rent the domain.
We are Internet Investors, Developers, and Franchisers – operating a content network of several thousand sites while federating 100+ eCommerce and SaaS startups. With our proprietary “inverted incubation” model, we leverage a portfolio of $100M in valued domains to impact online trends, traffic, and transactions. We use robotic process automation, machine learning, and other proprietary approaches to power our content network. Contact us to learn how we can help you with your online marketing and/or site maintenance.