Posted 15 Oct 2020
New York – October 15, 2020 – A report released today reviews the overall cybersecurity posture, including election-related infrastructure, of all 56 U.S. states and territories leading up to the presidential election. The “State of the States” infographic report found that the vast majority (75%) showed signs of a vulnerable IT infrastructure. The report was authored by SecurityScorecard, a New York-based cybersecurity firm and the global leader in security ratings. Since most state websites offer access to voter and election information, these findings may indicate unforeseen issues leading up to, and following the US election.
“The IT infrastructure of state governments should be of critical importance to securing election integrity,” said Alex Heid, chief research and development officer at SecurityScorecard. “This is especially true in ‘battleground states’ where the Department of Homeland Security, political parties, campaigns, and state government officials should enforce vigilance through continuously monitoring state voter registration networks and web applications for the purpose of mitigating incoming attacks from malicious actors. The digital storage and transmission of voter registration and voter tally data needs to remain flawlessly intact. Some states have been doing well regarding their overall cybersecurity posture, but the vast majority have major improvements to make.”
Potential Consequences of Lower Scores
“These poor scores have consequences that go beyond elections; the findings show chronic underinvestment in IT by state governments,” said Rob Knake, the former director for cybersecurity policy at the White House in the Obama Administration. “For instance, combatting COVID-19 requires the federal government to rely on the apparatus of the states. It suggests the need for a massive influx of funds as part of any future stimulus to refresh state IT systems to not only ensure safe and secure elections but save more lives.”
How States and Territories Can Improve
First and foremost, election security is a significant priority for SecurityScorecard as it is aligned with the company’s mission to make the world a safer place. Any state that wishes to receive a free version of its Scorecard may contact [email protected] and will promptly receive a complimentary version of the company’s product expanded beyond what is otherwise publicly offered.
"SecurityScorecard takes election security very seriously and we are here to help. While this report shines a light on some of the gaps in state security, there are paths to remediation,” said Sachin Bansal, general counsel at SecurityScorecard. “We already offer our solution at no charge to all federal campaigns and parties, and the same offer now applies to any state and territory. We're on the same side of the fight against malicious actors who threaten the safety and security of our national cyber infrastructures.”
A set of best practices for states includes:
Methodology and the Meaning of Scores and Breach Likelihood
From September to early October 2020, SecurityScorecard evaluated and scored each state based on findings across 10 categories: network security, DNS health, patching cadence, endpoint security, IP reputation, application security, cubit score, hacker chatter, information leaks, and social engineering. Technical findings, methodology, and an explanation of the score meanings and breach likelihood stats can be found in this fact sheet. More information on scoring methodology is explained in full on the SecurityScorecard Trust Portal.
The full visual representation of the data can be found here.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve, and communicate cybersecurity risk to their boards, employees, and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.