Election Security Recommendation:
What Election officials have to be prepared for before voters cast their vote.
Harris Cyber Policy Initiative - Election Cyber Surge Recommendations(Dan Schulman and Beatrice Atobatele)
In the field of technology, cybersecurity has a significant role, and the security data become one between the most critical problems faced in today's world. When there is discussion regarding the cyber-crimes which are increasing very rapidly, the government and many corporations are having many measures so as for stopping these kinds of crimes. Inspire of many different steps, cybercrime is still increasing day by day. In this study, there is brief coverage over the challenges faced by the cybersecurity from new technology advancement and innovations and in addition to this, the paper also has its main focus on the latest cybersecurity techniques, trends and other ethics involved in the sector of cybersecurity.
General Recommendation: Consider yourself breached
As uncomfortable as the thought is, you will be, have already been, or currently are being breached by an attacker.
As you analyze the recommendations in this guide, settle into the mindset that “somebody is listening” on the network.
While it sounds a bit like a scary movie – and in some ways it is – this is a modern-day operations model that has become
the reality of mature technology organizations. Following the assume breach model, focus should be placed on keeping everything private even within our own networks.
Everything should be encrypted in transmission as we can no longer rely on networks being closed and safe. For the technical community, here are some examples of protocols that should be used
- SMB 3.0+
- RDP 6.0+ with NLA
Consider emails as woefully insecure.
Do not enter personal or confidential information into emails, as the storage of emails presents a risk just a large (if not greater than) email transmission itself.
TIP: Watch HBO’s The Perfect Weapon, as listed below in Recommendation 4, and see how this lesson was learned by Sony Pictures.
Email is the #1 attack vector as its ultimate control, humans, are easily to manipulate
Provide formal cybersecurity education awareness via email to your workforce about a variety of information security threats such as attackers pretending to be help desk personnel to gain access to login credentials.
Use network segmentation and inspection. Traffic from your desktop to the printer in the next room should not be allowed without transmitting through a device such as a firewall.
Migrate to a zero-trust architecture, and ensure users authenticate to all applications, not just high value assets.
Use Application whitelisting to protect computers and networks from potentially harmful applications.
Restrict local administrator accounts to a limited number of IT staff.
Regular malware scanning of computers and networks during non-peak hours.
We highly recommend a sound backup solution is in place, and that backup solution is tested accordingly. This includes all endpoints, including user laptops and desktops, as well as networking configurations and policies. Ransomware attacks are rising exponentially, both in quantity and sophistication. It will inevitably happen to all organizations.
Be proactive not reactive- Perform disaster recovery drill to activate, analyze and report on the effectiveness, speed and reliability of Disaster Recovery technologies such as failover, failback and backup including offline backups (use different keys from online backup)
A security framework, such as NIST- CSF, NIST 800-53, PCI-DSS, or ISO 27001, are wonderful places to start if no current information security process or plan is currently in place.