WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Software Products Thursday, November 26, 2020 
Add Press Release News | News Feeds Feeds | Email This News Email

SecurityScorecard Reveals 75% of US States and Territories Have Poor Overall Cybersecurity Leading up to Election
Friday, October 23, 2020

- Security Profiles Have Weakened Significantly During the Pandemic

NEW YORK, Oct. 15, 2020 /PRNewswire/ -- A report released today reviews the overall cybersecurity posture, including election-related infrastructure, of all 56 U.S. states and territories leading up to the presidential election. The "State of the States" infographic report found that the vast majority (75%) showed signs of a vulnerable IT infrastructure. The report was authored by SecurityScorecard, a New York-based cybersecurity firm and the global leader in security ratings. Since most state websites offer access to voter and election information, these findings may indicate unforeseen issues leading up to, and following, the US election.

High-Level Findings

    --  Seventy-five percent of U.S. states and territories' overall cyberhealth
        are rated a 'C' or below; 35% have a 'D' and below.
        --  States with a grade of 'C' are 3x more likely to experience a breach
            (or incident, such as ransomware) compared to an 'A' based on a
            three-year SecurityScorecard study of historical data
        --  Those with a 'D' are nearly 5x more likely to experience a breach
    --  States with the highest scores: Kentucky (95) Kansas (92) Michigan (92)
    --  States with the lowest scores: North Dakota (59) Illinois (60) Oklahoma
    --  Among states and territories, there are as many 'F' scores as there are
    --  The Pandemic Effect: Many states' scores have dropped significantly
        since January. For example, North Dakota scored a 72 in January and now
        has a 59
        --  Why? Remote work mandates gave state networks a larger attack
            surface (e.g., thousands of state workers on home Wi-Fi), making it
            more difficult to ensure employees are using up-to-date software
    --  SecurityScorecard observed significant security concerns with two
        critically important "battleground" states, Iowa and Ohio, both of which
        scored a 68, or a 'D' rating.

    --  According to political experts, the following states are considered
        "battleground" and will help determine the result of the election. But
        over half have a lacking overall IT infrastructure:

     ? Michigan: 92 (A)       ? North Carolina: 81 (B)

     ? Wisconsin: 88 (B)    
     ? Arizona: 81 (B)

     ? Texas: 85 (B)          ? New Hampshire: 77 (C)

     ? Pennsylvania: 85 (B) 
     ? Georgia: 77 (C)

     ? Nevada: 74 (C)       
     ? Iowa: 68 (D)

     ? Florida: 73 (C)      
     ? Ohio: 68 (D)

"The IT infrastructure of state governments should be of critical importance to securing election integrity," said Alex Heid, chief research and development officer at SecurityScorecard. "This is especially true in 'battleground states' where the Department of Homeland Security, political parties, campaigns, and state government officials should enforce vigilance through continuously monitoring state voter registration networks and web applications for the purpose of mitigating incoming attacks from malicious actors. The digital storage and transmission of voter registration and voter tally data needs to remain flawlessly intact. Some states have been doing well regarding their overall cybersecurity posture, but the vast majority have major improvements to make."

Potential Consequences of Lower Scores

    --  Targeted phishing/malware delivery via e-mail and other mediums,
        potentially as a means to both infect networks and spread misinformation
        --  Malicious actors often sell access to organizations they have
            successfully infected
    --  Attacks via third-party vendors - many states use the same vendors, so
        access into one could mean access to all. This is the top cybersecurity
        concern for political campaigns
    --  Voter registration databases could be impacted
        --  In the worst-case scenario, attackers could remove voter
            registrations or change voter precinct information or make crucial
            systems entirely unavailable on Election Day through ransomware

"These poor scores have consequences that go beyond elections; the findings show chronic underinvestment in IT by state governments," said Rob Knake, the former director for cybersecurity policy at the White House in the Obama Administration. "For instance, combatting COVID-19 requires the federal government to rely on the apparatus of the states. It suggests the need for a massive influx of funds as part of any future stimulus to refresh state IT systems to not only ensure safe and secure elections, but save more lives."

How States and Territories Can Improve
First and foremost, election security is a significant priority for SecurityScorecard as it is aligned with the company's mission to make the world a safer place. Any state that wishes to receive a free version of its Scorecard may contact and will promptly receive a complimentary version of the company's product expanded beyond what is otherwise publicly offered.

"SecurityScorecard takes election security very seriously and we are here to help. While this report shines a light on some of the gaps in state security, there are paths to remediation," said Sachin Bansal, general counsel at SecurityScorecard. "We already offer our solution at no charge to all federal campaigns and parties, and the same offer now applies to any state and territory. We're on the same side of the fight against malicious actors who threaten the safety and security of our national cyber infrastructures."

A set of best practices for states includes:

    --  Create dedicated voter and election-specific websites under the domains
        of the official state domain, rather than using alternative domain names
        which can be subjected to typosquatting
    --  Have an IT team specifically tasked and accountable for bolstering voter
        and election website cybersecurity: defined as confidentiality,
        integrity, and availability of all processed information
    --  States should establish clear lines of authority for updating the
        information on these sites that includes the 'two-person' rule -- no
        single individual should be able to update information without a second
        person authorizing it
    --  States and counties should continuously monitor the cybersecurity
        exposure of all assets associated with election systems, and ensure that
        vendors supplying equipment and services to the election process undergo
        stringent processes

Methodology and the Meaning of Scores and Breach Likelihood
From September to early October 2020, SecurityScorecard evaluated and scored each state based on findings across 10 categories: network security, DNS health, patching cadence, endpoint security, IP reputation, application security, cubit score, hacker chatter, information leaks, and social engineering. Technical findings, methodology and an explanation of the score meanings and breach likelihood stats can be found in this fact sheet. More information on scoring methodology is explained in full on the SecurityScorecard Trust Portal.

The full visual representation of the data can be found here.

About SecurityScorecard
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit or connect with us on LinkedIn.

View original content to download multimedia:

SOURCE SecurityScorecard

Email This News Email | Submit To Slashdot Slashdot | Submit To Digg | Submit To | News Feeds Feeds

Nav The Top Software Development Companies, According to DesignRush | Nov 26, 2020
Nav Global Digital Pathology Systems Industry | Nov 26, 2020
Nav Global Low-Code Development Platform Market 2020-2030: AI-Enabled Low-Code Development Platform to Accelerate Digital Transformation | Nov 26, 2020
Nav Billtrust Upgrades Advanced Machine Learning in Cash Application Software, Speeding Cash to Businesses During Pandemic | Nov 26, 2020
Nav The global Artificial Intelligence-as-a-Service market was valued at USD 2.68 billion in 2019, and it is expected to reach USD 28.58 billion by 2025, registering a CAGR of 48.9% during the period of 2020-2025 | Nov 26, 2020
Nav REcolorado Names as their New Website Partner | Nov 26, 2020
Nav Announces Cooperation With RAD to Boost Network Flexibility with Lean SD-WAN | Nov 26, 2020
Nav Future FinTech Appointed Yang Liu as Chief Operation Officer | Nov 26, 2020
Nav Augmented Reality and Virtual Reality Market worth $77.0 billion and $20.9 billion by 2025 respectively - Exclusive Report by MarketsandMarkets(TM) | Nov 26, 2020
Nav 5G in Defense Market by Communication Infrastructure, Core Network Technology, Platform, End-user, Network Type, Chipset, Operational Frequency, Installation and Region - Global Forecast to 2025 | Nov 26, 2020

Submit News | View More News View More News