Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cyber Tactics ColumnCybersecurity News

Securing our Democracy: The case for robust campaign cybersecurity

By John McClurg
SEC0820-Cyber-Feat-slide1_900px.jpg
SEC0820-cyber-slide2_900px.jpg
SEC0820-Cyber-Feat-slide1_900px.jpg
SEC0820-cyber-slide2_900px.jpg
August 1, 2020

Sun Tzu famously said, “all warfare is based on deception.” He could hardly have anticipated how his words would ultimately be substantiated—particularly in the tactics of today’s cybercriminals. Even after 30 years in the trenches, I’m still surprised by their innovative tactics. Sun Tzu reportedly also said, “It’s not an admission of defeat to recognize and respect the strengths of your enemy; rather, it’s a necessary precondition to victory.”

I was perplexed by reports that two-thirds of Democratic presidential candidates, in addition to President Donald Trump, had failed to implement and enforce the basic email security protocol, DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance.” DMARC helps prevent business email compromise (BEC) by verifying the authenticity of a sender’s email in order to reject spoofed emails and prevent the exploitations of an individual’s address for malicious purposes.

While this protocol is important for both public and private sector professionals, it’s absolutely critical for political operatives, candidates and elected officials who will almost certainly face daily cyberattacks. Politicians and their staff are enticing targets because they have access to both sensitive information and VIPs.

Beyond political and policy impacts, the potential for financial fraud is readily apparent. Spoofing campaign email domains in order to fraudulently request campaign donations represents one possible attack vector and — given the swarm of messages sent by campaigns — one with a relatively high chance of going undetected. In one high profile instance, a California man managed to trick aspiring activists out of $250,000 in political donations.

 Although the proximity of political actors to information and wealth makes them alluring targets for BEC, it’s their behavior that makes them easy victims. These individuals are often highly ambulant, operating in hectic environments and under constant stress. They’re forced into snap decisions, often made on the run and communicated through smartphones with small interfaces, making minute anomalies difficult to detect. That makes candidates and staff prime targets for socially engineered, “muscle-memory” attacks that exploit our reliance on mindless, routine actions and our inability to effectively multi-task.

It’s worth noting that even the savviest cybersecurity professionals are victimized by BEC attacks. Recently, a colleague of mine nearly completed a wire transfer to a fraudulent party after initially missing a small anomaly in an otherwise legitimate-looking email request. That even the most experienced among us fail to consistently detect these tactics is a nod to cybercriminals, who are cunningly adept at encouraging urgency, mimicking trusted third parties, and otherwise taking advantage of our innate cognitive limits of rationality.

While politicians and staff are skilled in the nuance of policy and the intricacies of stumping for votes, they appear to be woefully uninformed in the most basic segment of cybersecurity: email security. Given that they are targets of both state-sponsored and financially-motivated attacks, it’s imperative they move quickly and decisively to secure such a primary communication method. That starts with the implementation and enforcement of DMARC protocols. But it extends also to MFA and enterprise-grade messaging platforms. Combined, these help prevent unauthorized email access and electronic eavesdropping while encouraging the detection of phishing and other social engineering emails. Most importantly, campaigns should deploy AI-driven predictive threat detection to stay in front of sophisticated cyberattacks from state-sponsored groups.

We can indeed learn much from Sun Tzu. One of his axioms, however, is no longer descriptive of the landscape we currently inhabit — we cannot choose when we’ll have to fight a cyber battle. That’s particularly true for today’s politicians, who must prepare as if under constant attack and move quickly to secure their campaign’s digital activities. Failure in that regard represents a direct threat to the critical inner workings of our democracy.

KEYWORDS: Blackberry cyber security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John mcclurg

John McClurg served as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cyber tactics

    2023: The year for contextual cyber threat intelligence

    See More
  • cyber security

    Reflections on 35 years in the trenches

    See More
  • Cyber

    Have we declared “open season” on CISOs?

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing