How do we defend democracy in today's cyber threat landscape?
Defending election security in today's cyber threat landscape
With the dust settled on the UK general election and with the US presidential election looming, serious concerns remain about the cybersecurity element of the global democratic process. There is a growing and ever-changing information landscape fueled by ongoing technological evolution and the omnipresent risk of misinformation on a grand and convincing scale.
We saw countless examples in the run up to the UK’s general election of politicians falling victim to deepfakes with these videos proliferating on social media. In our increasingly digital world, where many voters depend on social media as their primary source of news and information, it’s important that all stakeholders work together and adopt best practices and measures to protect the electoral process.
The quality and scale of misinformation means that there is a very real threat that election outcomes could potentially be swayed. With so much at stake, it’s essential that the world takes action to properly secure democracy against the many threats facing it.
President for EMEA at CyberArk.
The age of AI misinformation
This worry about deepfakes and misinformation in general has made its way down to UK workers as well. Despite the innovative and potentially life-altering applications of AI, there is still a sense of worry hanging over the technology and its capabilities. A recent CyberArk survey found that the vast majority (81%) of UK workers are anxious about their visual likeness being stolen or used to conduct cyberattacks, with nearly half (46%) apprehensive about their likeness being used in deepfakes – a greater proportion than those worried that artificial intelligence (AI) will replace them in their roles (37%). The concern stems from their own lack of confidence in being able to tell the difference between a deepfake and reality. Over a third of UK office workers (34%) think that that they couldn’t spot if a very convincing phone call or email from their boss is fake.
And if that sense of worry is a big concern for the average UK worker, then for those in the political world that concern is tenfold. Recent research suggests that deepfakes of politicians are in fact the most prevalent form of harmful AI use, more prevalent even than AI-assisted cyberattacks.
The expanded threat vector of election infrastructure
The transition from analogue to digital and physical to virtual impacts voters and democracies worldwide, necessitating robust security measures for election machinery. Voter registration databases, containing sensitive personal information, must be protected to prevent identity theft and voter fraud. Electronic poll books, which automate voter check-in, and electronic voting machines (EVMs), used for casting ballots, are susceptible to DDoS attacks, malware, and data breaches. Outdated EVMs – some in India date back to 1989 - pose significant risks due to potential vulnerabilities. Tabulation systems, which count ballots, and election information websites are also targets for bad actors aiming to disrupt election processes and results. Ensuring the security of these elements is crucial for a successful democratic election.
Defending the democratic exercise
In the high-stakes world of election security, relying on a single line of defense is insufficient. This is where defense-in-depth and Zero Trust principles become essential, offering a layered approach to protecting critical election systems. A defense-in-depth strategy employs multiple, independent security controls like firewalls, intrusion detection systems, and network segmentation to protect election systems from various angles. If one layer is compromised, others can prevent or delay attackers, buying valuable time to respond and contain threats. Zero Trust on the other hand, operates on the principle of continuous verification of every user and device, regardless of access level, assuming no inherent trust within the system.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Basic cybersecurity hygiene practices are also incredibly important, such as poll worker and voter training, frequent security audits, equipment testing, and contingency planning. These practices ensure that security measures become second nature, and remain vital for safeguarding democratic processes.
It’s a collective responsibility
Securing our election processes is not an isolated task down to one single body – it requires partnerships between government agencies, technology vendors, election officials and, most importantly – voters. The rest of the 2024 elections will continue to face unprecedented threats from cyberattacks, misinformation and outdated technology. Defense-in-depth does not start with products; it begins with us. It’s time we all do our part as individual voters, election officials, politicians – even technology vendors – to ensure we protect our democratic rights.
We've featured the best identity theft protection.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Rich Turner has been CyberArk's SVP EMEA for over three years. Prior to this position, he led both FireEye and Proofpoint's EMEA businesses.