What security pros can learn from the bad information spread during this year’s election cycle

COMMENTARY: Cybersecurity leaders across all levels of government face new challenges as this year’s election approaches – hurdles that are substantially different than the ones they dealt with four years ago when the last presidential ballots were cast.

Today, heightened domestic polarization has made physical threats to the safety of election officials and poll workers a greater concern. Fueling this polarization are foreign attempts to shape the public opinion of Americans, including perceptions about the fairness of the voting process and accuracy of election results. Even if officials run a secure election, they’ll still battle trust issues if there’s public perception that the voting process or election outcome is unfair.

Mis-, dis-, and mal-information defined

When we hear the phrase “election tampering,” we may picture an individual hacking into voting machines or voter databases. However, one of the most pervasive threats impacting cybersecurity today comes in the form of mis-, dis- and mal-information (MDM). It’s a new buzzword, but this activity has existed for more than a century.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

The rise of the internet and social media has made it easier to spread MDM. Take the 2016 U.S. election when the Russian Internet Agency (RIA) employed around 500 people to masquerade as Americans online, according to reports. These content creators generated about 80,000 social media posts designed to heighten U.S. domestic polarization. Other countries have followed suit, spreading MDM with the goal of influencing subsequent elections.

The role of Generative AI

While Generative AI (GenAI) isn’t the cyber “death ray” for threat actors as some predicted, it’s lowered the barrier to entry for and enhances the capabilities of those spreading MDM, making it easily accessible to a wider range of malicious actors.

Today, a handful of people using GenAI to create content could rival the output of RIA’s social media production in 2016, and these individuals wouldn’t need to be fluent English speakers or understand American culture to do so.

Beyond elections, GenAI makes MDM accessible to a wider range of individuals, with MDM having the potential to impact all industries. For example, mal-information introduced by a threat actor as part of a retail scam meant to mislead and harm consumers seeking to take advantage of a “too good to be true” deal around the holidays. Security and IT leaders can learn critical lessons from the ways in which MDM impacts elections, and how election officials are actively managing this risk.

There are several steps security and IT practitioners should take across the public and private sectors to guard against MDM:

Of course, MDM represents just one of many cybersecurity risks that teams must work to manage. In the election process, it’s critical to secure everything from devices to databases, as MDM functions as just one of numerous digital threats. Activities that prevent citizens from voting are a concern: What if a ransomware attack locks the registration database in the months prior to election day? The inability to access it because the data has been encrypted could prevent local jurisdictions from pulling the data they need to create ballots for the registered voters in each precinct.

These ongoing challenges underscore the importance of periodically reassessing security controls along with risk management policies and processes. Taking proactive measures now to enhance cybersecurity will go a long way in effectively protecting our organizations.

Jim Richberg, head of cyber policy, global field chief information security officer, Fortinet

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.