SecurityScorecard Reveals 75% of US States and Territories Have Poor Overall Cybersecurity Leading up to Election
Friday, October 23, 2020
- Security Profiles Have Weakened Significantly During the Pandemic
NEW YORK, Oct. 15, 2020 /PRNewswire/ -- A report released today reviews the overall cybersecurity posture, including election-related infrastructure, of all 56 U.S. states and territories leading up to the presidential election. The "State of the States" infographic report found that the vast majority (75%) showed signs of a vulnerable IT infrastructure. The report was authored by SecurityScorecard, a New York-based cybersecurity firm and the global leader in security ratings. Since most state websites offer access to voter and election information, these findings may indicate unforeseen issues leading up to, and following, the US election.
-- Seventy-five percent of U.S. states and territories' overall cyberhealth
are rated a 'C' or below; 35% have a 'D' and below.
-- States with a grade of 'C' are 3x more likely to experience a breach
(or incident, such as ransomware) compared to an 'A' based on a
three-year SecurityScorecard study of historical data
-- Those with a 'D' are nearly 5x more likely to experience a breach
-- States with the highest scores: Kentucky (95), Kansas (92), Michigan (92)
-- States with the lowest scores: North Dakota (59), Illinois (60), Oklahoma
-- Among states and territories, there are as many 'F' scores as there are
-- The Pandemic Effect: Many states' scores have dropped significantly
since January. For example, North Dakota scored a 72 in January and now
has a 59
-- Why? Remote work mandates gave state networks a larger attack
surface (e.g., thousands of state workers on home Wi-Fi), making it
more difficult to ensure employees are using up-to-date software
-- SecurityScorecard observed significant security concerns with two
critically important "battleground" states, Iowa and Ohio, both of which
scored a 68, or a 'D' rating.
-- According to political experts, the following states are considered
"battleground" and will help determine the result of the election. But
over half have a lacking overall IT infrastructure:
   -- Michigan: 92 (A)
   -- North Carolina: 81 (B)
   -- Wisconsin: 88 (B)
   -- Arizona: 81 (B)
   -- Texas: 85 (B)
   -- New Hampshire: 77 (C)
   -- Pennsylvania: 85 (B)
   -- Georgia: 77 (C)
   -- Nevada: 74 (C)
   -- Iowa: 68 (D)
   -- Florida: 73 (C)
   -- Ohio: 68 (D)
"The IT infrastructure of state governments should be of critical importance to securing election integrity," said Alex Heid, chief research and development officer at SecurityScorecard. "This is especially true in 'battleground states' where the Department of Homeland Security, political parties, campaigns, and state government officials should enforce vigilance through continuously monitoring state voter registration networks and web applications for the purpose of mitigating incoming attacks from malicious actors. The digital storage and transmission of voter registration and voter tally data needs to remain flawlessly intact. Some states have been doing well regarding their overall cybersecurity posture, but the vast majority have major improvements to make."
Potential Consequences of Lower Scores
-- Targeted phishing/malware delivery via e-mail and other mediums,
potentially as a means to both infect networks and spread misinformation
-- Malicious actors often sell access to organizations they have
-- Attacks via third-party vendors - many states use the same vendors, so
access into one could mean access to all. This is the top cybersecurity
concern for political campaigns
-- Voter registration databases could be impacted
-- In the worst-case scenario, attackers could remove voter
registrations or change voter precinct information or make crucial
systems entirely unavailable on Election Day through ransomware
"These poor scores have consequences that go beyond elections; the findings show chronic underinvestment in IT by state governments," said Rob Knake, the former director for cybersecurity policy at the White House in the Obama Administration. "For instance, combatting COVID-19 requires the federal government to rely on the apparatus of the states. It suggests the need for a massive influx of funds as part of any future stimulus to refresh state IT systems to not only ensure safe and secure elections, but save more lives."
How States and Territories Can Improve
First and foremost, election security is a significant priority for SecurityScorecard as it is aligned with the company's mission to make the world a safer place. Any state that wishes to receive a free version of its Scorecard may contact firstname.lastname@example.org and will promptly receive a complimentary version of the company's product expanded beyond what is otherwise publicly offered.
"SecurityScorecard takes election security very seriously and we are here to help. While this report shines a light on some of the gaps in state security, there are paths to remediation," said Sachin Bansal, general counsel at SecurityScorecard. "We already offer our solution at no charge to all federal campaigns and parties, and the same offer now applies to any state and territory. We're on the same side of the fight against malicious actors who threaten the safety and security of our national cyber infrastructures."
A set of best practices for states includes:
-- Create dedicated voter and election-specific websites under the domains
of the official state domain, rather than using alternative domain names
which can be subjected to typosquatting
-- Have an IT team specifically tasked and accountable for bolstering voter
and election website cybersecurity: defined as confidentiality,
integrity, and availability of all processed information
-- States should establish clear lines of authority for updating the
information on these sites that includes the 'two-person' rule -- no
single individual should be able to update information without a second
person authorizing it
-- States and counties should continuously monitor the cybersecurity
exposure of all assets associated with election systems, and ensure that
vendors supplying equipment and services to the election process undergo
Methodology and the Meaning of Scores and Breach Likelihood
From September to early October 2020, SecurityScorecard evaluated and scored each state based on findings across 10 categories: network security, DNS health, patching cadence, endpoint security, IP reputation, application security, cubit score, hacker chatter, information leaks, and social engineering. Technical findings, methodology and an explanation of the score meanings and breach likelihood stats can be found in this fact sheet. More information on scoring methodology is explained in full on the SecurityScorecard Trust Portal.
The full visual representation of the data can be found here.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
View original content to download multimedia: http://www.prnewswire.com/news-releases/securityscorecard-reveals-75-of-us-states-and-territories-have-poor-overall-cybersecurity-leading-up-to-election-301152928.html