New Area 1 Security Study Shows that U.S. State & Local Election Administrators Remain Vulnerable to Phishing

REDWOOD CITY, Calif., July 27, 2020 /PRNewswire/ -- Today, Area 1 Security published the results of "Phishing Election Administrators," a comprehensive study analyzing more than 10,000 U.S. state and local election administrators' email phishing vulnerabilities. With fewer than 100 days left until Election Day, the report reveals that states are still in widely varying stages of cybersecurity readiness.

Key findings include:

    --  The majority (53.24 percent) of state and local election administrators
        have only rudimentary or non-standard technologies to protect themselves
        from phishing;
    --  Fewer than 3 out of 10 (28.14 percent) election administrators have
        basic controls to prevent phishing;
    --  Fewer than 2 out of 10 (18.61 percent) election administrators have
        implemented advanced anti-phishing cybersecurity controls;
    --  A surprising 5.42 percent of election administrators rely on personal
        email accounts or technologies designed for personal email (such as
        Yahoo!, Hotmail, AOL or others), to conduct their duties; and
    --  A number of election administrators independently manage their own
        custom email infrastructure, including using versions of Exim known to
        be targeted by cyber actors linked to the Russian military that
        interfered in prior U.S. elections.

Ninety-five percent of cybersecurity damages worldwide begin with phishing, and phishing campaigns come in all shapes and sizes. The majority of phishing campaigns begin with an innocuous and authentic email that individuals are unable to recognize as malicious. Consequently, the quality of email protection used by organizations and individuals has an inordinate bearing on their overall cybersecurity posture.

"Our elections are vital. They need to be resilient against whatever crisis the moment throws at us -- and that requires resources and planning," said Oren J. Falkowitz, co-founder of Area 1 Security. "However, most state and local election administrators are not very close to ensuring a safe election. This challenge is going to be exacerbated the longer it takes for them to get the resources and expertise needed to make changes."

Area 1's email security recommendations for state and local election administrators include:

    --  Ending use of Exim email servers: Given the government's guidance to
        update Exim to mitigate CVE-2019-10149 and other vulnerabilities
        including, but not limited to, CVE-2019-15846 and CVE-2019-16928,
        election administrators are urged to cease use of Exim. Upgrading alone
        does not mitigate exploitation. Prior Russian cyber activities directed
        towards U.S. elections make use of Exim ill-advised. For those who must
        continue running Exim, update to the latest version; running a version
        prior to 4.93 leaves a system vulnerable to disclosed vulnerabilities.
        Administrators can update Exim Mail Transfer Agent software through
        their Linux distribution's package manager or by downloading the latest
        version from https://exim.org/mirrors.html.
    --  Transitioning to cloud email infrastructure: Running custom email
        infrastructure requires network administrators to be perfect every
        single day. Instead, Area 1 Security recommends the use of cloud email
        infrastructure such as Google's G Suite or Microsoft's Office 365 in
        combination with a cloud email security solution.
    --  Ending use of personal email technologies for election duties: Under no
        circumstances should election administrators use personal email for the
        conduct or administration of elections.

Additional Resources:

    --  "Phishing Election Administrators" Report & Interactive Map
    --  Exim Vulnerability Security Advisory

To learn more, visit www.area1security.com/2020elections.

About Area 1 Security
Area 1 Security is the only company that preemptively stops Business Email Compromise, malware, ransomware and targeted phishing attacks. By focusing on the earliest stages of an attack, Area 1 stops phish -- the root cause of 95 percent of breaches -- 24 days (on average) before they launch. Area 1 also offers the cybersecurity industry's first and only performance-based pricing model, Pay-per-Phish.

Area 1 is trusted by Fortune 500 enterprises across financial services, healthcare, critical infrastructure and other industries, to preempt targeted phishing attacks, improve their cybersecurity posture, and change outcomes.

Area 1 Security is committed to Responsible Disclosure guidelines in all situations where it uncovers specific and verifiable campaign activity. As part of our commitment to those guidelines, Area 1 has been engaged with relevant stakeholders that have an interest in understanding this campaign in greater depth.

To learn more, visit www.area1security.com, follow us on LinkedIn, or subscribe to the Phish of the Week newsletter.

Media Contact:
Elaine Dzuba
pr@area1security.com

SOURCE Area 1 Security