According to CNN, the Democratic National Committee’s head of cybersecurity, Bob Lord, is warning presidential primary candidates that the best time for hackers to target their campaigns is right now — in the early days of the cycle. The DNC advises campaigns to create a security plan and follow the “Device and Account Security Checklist” which includes instructions on encrypting a computer hard drive.
Colin Bastable, CEO at Lucy Security:
“The problem for political campaigns is that teams have a high churn rate and rely on third party fund-raisers, analysts and consultants, which only increases their overall security risk. Teams are stood up fast, let go faster and are highly emotional. As all politicians know, the enemy is behind you, not across the aisle.
Candidates will entrust their passwords to campaign staff – these people will run Twitter, access databases, book appointments, manage email and run HubSpot. That is the nature of political campaigns. So there are multiple attack vectors.
Disk encryption, also known as FDE (Full Disk Encryption), is pretty much useless once the password is stolen or factored. FDE gives people a false sense of security. Gmail? AOL? Yahoo? Google scans every email that goes through its servers. Why would any political candidate want their “private” emails to go through Google’s systems? Someday, those emails will come back to bite the candidate. Keep emails harmless, because all email is forever – not just Gmail.
The DNC security checklist focuses on systems – but the moving parts are all people-related, and this is where 97% of the attacks come from. Teach the people to spot the characteristics of hacking attacks, and the risk of successful attacks can be reduced tenfold.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.