U.S. Election Administrators Failed to Implement Phishing Protections: Study

A majority of election administrators in the United States have yet to implement cybersecurity controls designed to provide protection against phishing attacks, a new Area 1 Security report reveals.


Phishing, a type of cyber-attack where the victim is tricked into performing an action that eventually results in malware infection, data loss, or theft of credentials or money, has reportedly been involved in over ninety percent of the data breaches worldwide.


U.S. elections have been targeted by phishing as well, with examples including attacks against election-sensitive organizations in 2016 and 2018, and phishing attempts targeting the current 2020 election cycle.


Looking to evaluate the email protections and controls that election administrators have implemented, Area 1 Security analyzed the susceptibility of 10,000 state and local election administrators to phishing and discovered that more than half of them use rudimentary or non-standard technologies for phishing protection.


The study also discovered that roughly a third (28.14%) of election administrators have basic controls to prevent phishing and that less than one-fifth of them (18.61%) use advanced anti-phishing controls.


According to the report, 5.42% of the election administrators use personal email addresses. Others independently manage their own custom email infrastructure, some using versions of the Exim mail server that are known to have been targeted in cyber-attacks.


Area 1 Security rates the implemented anti-phishing controls as advanced (when an independent email security service is used on top of cloud email controls), basic (cloud provider’s email controls only), limited (rudimentary cyber-security controls), non-standard (own email control based on open source software), and non-standard personal (use personal email/controls for pers ..
