5 minutes with Doug Matthews - Ransomware threats on political organizations | 2020-11-05

While the first thing that may come to mind is attacks on voter booths and polling data, hackers were expected to hit more vulnerable targets first, such as community-based organizations and systems supporting political campaigns.

These networks are rarely designed to withstand the ransomware threats much larger, established political bodies face, and hackers know it.

Here, we talk to Doug Matthews, Vice President of Product Management for Veritas, about the conditions impacting data protection during the election period.

Security magazine: Why were hackers expected to hit more vulnerable targets first, such as community-based organizations and systems supporting political campaigns?

Matthews: Attacking a political organization before the election and freezing data with ransomware is often low-hanging fruit for hackers and hacktivists looking to make money – or trouble. Tools that help canvass voters, deliver campaign information, or influence voting rarely enjoy the same level of data protection – making them a top hacking opportunity. Organizations responsible for those systems should have acted before the election to ensure they are available when needed and that data is protected holistically – no matter where it resides.

In addition, this is the first Presidential election to take place with a significant number of people working remotely or from home. Since election-themed social content can evoke a highly emotional response and lower people’s guard against clicking suspicious links, it is prime fodder to bait unsuspecting employees into a phishing attack – putting organizations at risk of attacks too.

It’s estimated that about 95 percent of cybersecurity breaches result from human error, such as an employee clicking an email link they have no business opening. Organizations must educate employees on the newest techniques hackers use to trick users into being the weakest link in a ransomware attack.

Security magazine: Are these networks designed to withstand cyberattacks such as ransomware? Why or why not?

Matthews: Organizations can be as buttoned up as possible when it comes to having the right protection and security requirements, but the remote work landscape is something hackers are considering when deploying their attacks. We’ve entered the age of ‘always-on’ employees where the lines between work and personal time are increasingly blurred. This accelerated online time is a prime opportunity for hackers to exploit the weakest link in a company’s security infrastructure – the employee.

Security magazine: What are the current conditions impacting data protection during the election period?

Matthews: In addition to the inherent security risks associated with a remote workforce, there are a number of other considerations that are heightening awareness around a potential attack.

While Presidential elections are always global news, this election is gaining unprecedented international visibility. As a result, there is a lot more election-based content coming from international sources that may be less familiar to US audiences. While Americans may easily spot a fake link to a reliable news source like The Washington Post, can they accurately identify a fake link to The Telegraph in the UK? Hackers are already spinning up a heady mix of tantalizing content, hard-to-spot scams and malicious malware to create ideal conditions for ransomware attacks. Businesses must act to ensure their data protection policies and tools are ready to handle this heightened threat, protecting against phishing and ransomware before they compromise corporate data.

This Presidential election is also likely to be one of the most emotional votes ever – which also means it can be one of the most dangerous elections for digital security. The election process is tribal and divisive, and playing out in real time across social media. Hackers are well aware of the opportunity this creates – building the ‘perfect storm’ for social engineering. Playing off voters’ emotions, hackers can easily orchestrate a successful ransomware attack – all they need to do is convince voters to click a link. It’s important for businesses and their employees to avoid letting emotions get in the way of smart digital security.

Security magazine: In the event of an attack, what can smaller regional governments and political organizations do to prepare and plan for recovery?

Matthews: We recommend five actions for organizations to take now to ensure their data is protected in the event of a ransomware attack:

Communicate the risk of election-based hacking to all employees / staff
Remind them of the organization’s security policy
Ensure the personal / acceptable use policy is well understood. Be specific about how staff can use social media for personal interests such as election research and news.
Push out regular updates to all remote devices – ensuring the latest security patches are in place.
Assume that, no matter how good your defenses are, someone will eventually click a rogue link and the corporate network will be compromised. Ensure all information is protected through comprehensive backup – so it’s recoverable after an attack takes place.

Security magazine: How can the private sector support smaller regional governments in their efforts to provide a secure voting experience, during this voting period and future elections?

Matthews: No matter where you sit on the political spectrum, it’s extremely important for organizations to ensure information is always available and protected. They can engage with companies who provide holistic data protection and resiliency of applications and infrastructure to avoid any attack that might wreak havoc on the political system

Private sector companies also have expertise in knowing when hackers will attack – and the key to a successful attack is to strike at the very moment when data is needed. The target can be anything related to the campaign – whether it’s mailing lists, volunteer driving schedules, or canvassing data. All this information can be critical in the weeks running up to election – and hackers know it. That’s why organizations must have off-site, encrypted copies of information to protect against leading threats such as ransomware. And why they must be backed up by a solution that unifies data protection across the infrastructure.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.