Leading up to the presidential election, 75% of all 56 U.S. states and territories showed signs of a vulnerable IT infrastructure, a SecurityScorecard report reveals.
Since most state websites offer access to voter and election information, these findings may indicate unforeseen issues leading up to, and following, the US election.
Election infrastructure: High-level findings
The overall cyberhealth of seventy-five percent of U.S. states and territories is rated a ‘C’ or below; 35% have a ‘D’ or below. States with a grade of ‘C’ are 3x more likely to experience a breach (or incident, such as ransomware) than those with an ‘A’, based on a three-year SecurityScorecard study of historical data. Those with a ‘D’ are nearly 5x more likely to experience a breach.
- States with the highest scores: Kentucky (95), Kansas (92), Michigan (92)
- States with the lowest scores: North Dakota (59), Illinois (60), Oklahoma (60)
- Among states and territories, there are as many ‘F’ scores as there are ‘A’s
- The Pandemic Effect: Many states’ scores have dropped significantly since January. For example, North Dakota scored a 72 in January and now has a 59. Why? Remote work mandates gave state networks a larger attack surface (e.g., thousands of state workers on home Wi-Fi), making it more difficult to ensure employees are using up-to-date software.
Significant security concerns were observed with two critically important “battleground” states, Iowa and Ohio, both of which scored a 68, or a ‘D’ rating.
The battleground states
According to political experts, the following states are considered “battleground” and will help determine the result of the election. But over half have an overall IT infrastructure that is lacking:
- Michigan: 92 (A)
- North Carolina: 81 (B)
- Wisconsin: 88 (B)
- Arizona: 81 (B)
- Texas: 85 (B)
- New Hampshire: 77 (C)
- Pennsylvania: 85 (B)
- Georgia: 77 (C)
- Nevada: 74 (C)
- Iowa: 68 (D)
- Florida: 73 (C)
- Ohio: 68 (D)
“This is especially true in ‘battleground states’ where the Department of Homeland Security, political parties, campaigns, and state government officials should enforce vigilance through continuously monitoring state voter registration networks and web applications for the purpose of mitigating incoming attacks from malicious actors.
“The digital storage and transmission of voter registration and voter tally data needs to remain flawlessly intact. Some states have been doing well regarding their overall cybersecurity posture, but the vast majority have major improvements to make.”
Potential consequences of lower scores
- Targeted phishing/malware delivery via e-mail and other mediums, potentially as a means to both infect networks and spread misinformation. Malicious actors often sell access to organizations they have successfully infected.
- Attacks via third-party vendors – many states use the same vendors, so access into one could mean access to all. This is the top cybersecurity concern for political campaigns.
- Voter registration databases could be impacted. In the worst-case scenario, attackers could remove voter registrations or change voter precinct information or make crucial systems entirely unavailable on Election Day through ransomware.
“These poor scores have consequences that go beyond elections; the findings show chronic underinvestment in IT by state governments,” said Rob Knake, the former director for cybersecurity policy at the White House in the Obama Administration.
“For instance, combatting COVID-19 requires the federal government to rely on the apparatus of the states. It suggests the need for a massive influx of funds as part of any future stimulus to refresh state IT systems to not only ensure safe and secure elections, but save more lives.”
A set of best practices for states
- Create dedicated voter and election-specific websites under the domains of the official state domain, rather than using alternative domain names which can be subjected to typosquatting
- Have an IT team specifically tasked and accountable for bolstering voter and election website cybersecurity: defined as confidentiality, integrity, and availability of all processed information
- States should establish clear lines of authority for updating the information on these sites that includes the ‘two-person’ rule — no single individual should be able to update information without a second person authorizing it
- States and counties should continuously monitor the cybersecurity exposure of all assets associated with election systems, and ensure that vendors supplying equipment and services to the election process undergo stringent processes
While COVID-19 has proven the healthcare industry’s overall resilience, it has also increased its cybersecurity risk with new and emerging threats.
The rapid adoption and onboarding of telehealth vendors led to a significantly increased digital footprint, attack surface, and cybersecurity risk for both provider and patient data, a new report released by SecurityScorecard and DarkOwl has shown.
Telehealth use is booming, and so is the associated cybersecurity risk
According to a brief from the U.S. Department of Health and Human Services, at the height of the pandemic, the number of telehealth primary care visits increased 350-fold from pre-pandemic levels.
Researchers focused the 2020 healthcare report on reviewing the 148 most-used telehealth vendors according to Becker’s Hospital Review. The report indicates that telehealth providers have experienced a nearly exponential increase in targeted attacks as popularity skyrocketed, including a 30% increase of cybersecurity findings per domain, notably:
- 117% increase in IP reputation security alerts
  - Malware infections — as part of successful phishing attempts and other attack vectors — ultimately cause IP reputation finding issues
- 65% increase in patching cadence findings
  - Patching cadence is the regularity of installing security patches and is often one of the primary security policies that protect data
- 56% increase in endpoint security findings
  - Exploited vulnerabilities in endpoint security enable data theft
- 16% increase in application security findings
  - Patients connect with telehealth providers using web-based applications including structured and unstructured data
- 42% increase in FTP issues
  - FTP is an insecure network protocol that enables information to travel between a client and a server on a network
- 27% increase in RDP issues
  - RDP is a protocol that allows for remote connections, which has seen increased usage since the widespread adoption of remote work
Evidence on the dark web
Additionally, DarkOwl’s research showed a noticeable increase in mentions of major healthcare and telehealth companies across the dark web since February 2020. There was evidence of prolific and emerging threat actors selling electronic patient healthcare data, malware toolkits that specifically target telehealth technologies, and strains of ransomware that are uniquely configured to take down healthcare IT infrastructure.
Over the past four years, SecurityScorecard has reported on the cybersecurity struggles the healthcare industry faces. In this year’s report, SecurityScorecard and DarkOwl looked at over one million organizations – over 30,000 in healthcare alone – from September 2019 to April 2020 and analyzed terabytes of information to assess risk across 10 factors.
The healthcare industry, despite new risks from telehealth vendors, slightly improved its security posture compared to 2019. The industry moved to 9th place out of 18 reviewed industries (up from 10th in 2019). This is heartening, especially as the industry has been overwhelmed by an influx of patients, limited resources, rationing, and other challenges due to COVID-19.
“While telehealth is an integral part of maintaining social distancing and providing patient care, it has also increased healthcare providers’ digital footprint and attack surface, which we see with the increase of findings per telehealth domain, and in factors like endpoint security,” said Sam Kassoumeh, COO and co-founder of SecurityScorecard. “It’s an indicator that healthcare organizations should continue to keep a focus on cyber resilience.”
Mark Turnage, CEO of DarkOwl, adds, “Since the onset of the pandemic, cybercriminals are entering the healthcare data selling space which ultimately leads to new risks facing healthcare organizations and their IT supply stream. Threat protection teams must remain one step ahead of potential attackers, especially during this critical time.”