One month away from the 2024 U.S. elections, election security is a top priority. The importance of an upcoming election inevitably means a higher level of media attention, making it a perfect target for cybercriminals. There have already been a number of incidents, including an assassination attempt on former President Donald Trump. The Trump campaign also suffered a hack this past summer, highlighting the importance for improved physical and cybersecurity.

"In our work studying cybercriminals, we see they are often motivated and emboldened by media attention and engagement. In this case, we saw them reach out directly to high profile media to celebrate their activity. This emphasizes the need to study and report on the behavior of criminal actors to ensure everyday people and organizations are equipped with education and intelligence to combat threats, versus over accentuating the threat actor themselves,” says John Fokker, Head of Threat Intelligence at Trellix.

The amount of sensitive information surrounding elections also makes them desirable for threat actors. It takes a lot of people to keep a campaign running smoothly, from security to assistants to hotel employees while the candidate is traveling. The safety of the candidates is a top priority, so communication between an entire campaign team has to be secure.

These risks make elections a critical time for security professionals as they deal with a wide variety of concerns.

“We can anticipate a significant increase in disinformation and phishing attacks as the United States prepares for early or mail-in voting in the 2024 elections. The majority of these attacks will likely come from cybercriminals spreading disinformation about how and where to vote. This year’s phishing campaigns may be more sophisticated and widespread, as non-native English or Spanish speakers will be able to leverage large language models to produce realistic messaging,” says Kayne McGladrey, IEEE Senior Member.

With the speed of the news cycle, misinformation can cause a lot of damage before it’s disproven. Security leaders should keep a careful eye on any headlines that may affect them, from a misquoted campaign speech to an intentional spread of disinformation. Elections are also a time when political organizations begin reaching out to constituents, and it can make it easier for cybercriminals to sneak phishing campaigns into the mix. Security leaders should remind employees to never click on unfamiliar links, especially on company devices.

The 2024 election is facing a new risk compared to past elections, as artificial intelligence (AI) poses a number of security threats. There have already been instances of using AI to falsify photographs and events, including fake endorsements from celebrities and other political figures.

“Throughout the 2024 election cycle, AI has opened the door to brand new types of phishing scams, and is playing a huge role as these scams aim to attack and thwart cybersecurity protections. A significant threat to be on the lookout for during the election is disinformation from purported business and government leaders and influencers to change the views and opinions of the general public, influence their beliefs, and motivate them to take what are often destructive actions. The use of AI to make these leaders and influencers “say” the disinformation in videos and audio is becoming very hard for the general public to detect as being AI-generated. A significant way to prevent such deceptions from being successful is to provide effective training about AI use in phishing tactics and other types of scams, how to identify them, and how to respond to such situations. Such training needs to be followed up with several periodic reminders of the lessons provided during the training,” says Rebecca Herold, IEEE Member.

With the number of risks surrounding the upcoming election, it’s important for security leaders to remain alert leading up to November 5.