How to Prevent Cyberattackers’ Manipulation of the Democratic Process

With GCHQ’s recent warning that voting was subject to a cyberattack, what can we do to avoid manipulation of the democratic process?

It is a worrying time for many of us amid global inflation, rising living costs, and the ongoing energy crisis.

On top of this, the recent change in U.K. government leadership has been cause for further uncertainty, which is true not only from a societal and economic perspective but also from a security perspective – with Government Communications Headquarters (GCHQ) warning that the voting process was subject to attack.

Persistent malicious activity from hostile states and previous attacks on democratic elections show that prevention is always the best cure. This is because if it can be hacked, it will be. It is guaranteed that malicious groups would consider manipulating votes in pursuit of their own gain.

Fortunately, vigilance from GCHQ prevented a cyberattack in the recent Tory leadership election, but this would not have been possible without secure protocols that are vital for spotting attacks. The fact that China, Russia, and Iran have previously been accused of attempting to influence polls further highlights the security dangers against not only democratic elections, but also political leaders and government organizations more broadly.

So, with new leadership now in place, what lessons can be learned from this democratic process?

What can be done to limit cyberattackers’ influence on the democratic process?

While cybersecurity protocol is crucial for workers in the public and private sectors alike, it is vital for political operatives, candidates, and elected officials. After all, politicians and their employees are attractive targets because they have access to sensitive information and significant individuals, including high-profile funders.

Political actors are also easy targets due to their behavior. These individuals are often highly ambulant, operating in hectic environments and working under continuous stress. They are compelled to make quick decisions, often while on the move, and communicate through smartphones with small interfaces, making minute anomalies difficult to detect.

However, this is where candidates and staff can fall victim to social engineering “muscle memory” attacks, which exploit our reliance on routine actions (responding to email login requests without a second thought, for example) and our inability to effectively multi-task.

Given that these individuals are targets for both state-sponsored and financially-motivated attacks, it is imperative that government organizations and their employees know how to move quickly and decisively to secure these primary forms of communication.

Securing the Democratic Process Requires Speedy Action

To defend against unauthorized influence, government organizations should adopt both the right technologies and the right attitudes. By securing every hackable endpoint, exercising zero trust across systems and processes like ballots, and ensuring that every security protocol – however basic – is enforced, will remove any security blind spots.

The implementation and enforcement of Domain-based Message Authentication, Reporting & Conformance (DMARC) protocols is also essential, including extending efforts to multi-factor authentication (MFA) and enterprise-grade messaging platforms.

Combined, these help to prevent unauthorized email access and electronic eavesdropping, while encouraging the detection of phishing and other social engineering emails. Most importantly, government organizations should deploy AI-driven predictive threat detection to stay in front of the sophisticated cyberattacks inbound from state-sponsored groups.

Prevent, Secure, Succeed

States cannot choose when they will have to fight a cyber battle – unfortunately, it is out of our control. Therefore, today’s leaders and government organizations must be ready to respond with effective secure cyber protocols, particularly Domain-based Message Authentication, Reporting & Conformance (DMARC) email security given the fast-paced nature of these organizations and individuals.

While security is important for both public and private sector professionals, it is even more critical in the political sphere – with failure to act quickly posing a direct threat to democracy itself.

Read the full article in Open Access Government News.

Related Reading

• Remote Employees and Cybersecurity: Are Price-Conscious Workers Creating Security Gaps in Your Organization?
• Protecting the SMB: 3 Misconceptions
  
• Lessons From a Teenage Hacker: Establish Secure Communications Before a Breach
  
• New Cybersecurity Insights: Register Now for the Ninth Annual BlackBerry Security Summit