• Product
    • Overview
    • Why Area 1
      • Customer Reviews
      • Case Studies
    • Technology
    • Pricing
    • Free Trial
  • Solutions
    • Phishing Attacks
    • Business Email Compromise
    • Cloud Email Security
      • Office 365
      • Gmail
    • Autonomous Phish SOC
    • COVID-19 Phishing
    • Election Security
  • Partners
    • Find a Technology Partner
    • Find a Channel Partners
    • Become a Partner
  • Resources
    • Resources
    • Blog
    • Events | Webinars
    • Newsletter
    • Phishing Glossary
  • Company
    • About
    • Trust Center
    • News
    • Careers
    • Contact
  • Search
Area 1

Request a FREE Demo Today!

  • KEY USE CASES

    Area 1’s cloud-native SaaS solution supports three key use cases: preemptive anti-phishing across all threat vectors (email, web, social, network); cloud email security / SEG replacement; and phishing security automation for SOC teams.

    Learn More
    Area 1

    Request a FREE Demo Today!

  • THE CHALLENGE

    SEGs, cloud email and DMARC struggle against the most sophisticated phishing attacks. Area 1 is the only company that preemptively blocks Type 1-3 BEC phishing, and other highly targeted attacks.

    Learn More

    PHISH OF THE WEEK

    This much should be clear by now – we at Area 1 absolutely detest phish! But in some weird karmic way, we exist because phish exist…and we exist to quell each and every one of the attacks hitting our customers.

    Well, it just got a lot harder on those pesky creatures, and a lot better for our current — and future — customers.

    View Now
    Area 1

    Request a FREE Demo Today!

  • FIND A TECHNOLOGY PARTNER

    Area 1 is a Microsoft Certified Partner and a Google Cloud Security Technology Partner of the Year. We also integrate with a number of SIEM, SOAR, SEG and firewall technology providers to fit your unique infrastructure.

    Learn More

    FIND A CHANNEL PARTNER

    Work with trusted cybersecurity experts across the globe to secure your business. Learn about our partnerships with Legato Security, Optiv, SADA Systems, SYNNEX and others.

    Learn More
  • NEW ON THE BLOG

    A rapidly evolving phishing campaign is on the loose.

    Read Blog

    UPCOMING WEBINAR

    How did one million phishing emails bypassed Office 365 defenses?

    Register Here
  • WHO WE ARE

    At Area 1 Security, We Stop Phish. We’re accountable to you: that means we believe you should pay only to cybersecurity company that works. If it doesn’t protect you, why invest in it?

    Learn More

    IN THE NEWS

    Read Here

    Need to Contact Us?

    We’re here to help

    Area 1
Area 1 Security
  • Product
    • OVERVIEW
      • Why Area 1
        • WHY AREA 1
          • Customer Reviews
          • Case Studies
      • Technology
      • Pricing
      • Free Trial
  • Solutions
    • SOLUTIONS
      • Phishing Attacks
      • Business Email Compromise
      • Cloud Email Security
        • CLOUD EMAIL SECURITY
          • Office 365
          • Gmail
      • COVID-19 Phishing
      • Autonomous Phish SOC
      • Election Security
  • Partners
  • Resources
    • RESOURCES
      • Blog
      • Resource Library
      • Newsletter
      • Events | Webinars
      • Phishing Glossary
  • Company
    • COMPANY
      • About
      • Trust Center
      • News
      • Careers
      • Contact
  • Search
  • Try Area 1

New Area 1 Security Study Shows that U.S. State & Local Election Administrators Remain Vulnerable to Phishing

Elaine Dzuba July 26, 2020
PhishingElectionAdministration

With only 100 days until Election Day, Area 1 Security’s new “Phishing Election Administrators” report assesses the depth of current email security controls used by 10,000 U.S. state and local election administrators.

Today, Area 1 Security published the results of “Phishing Election Administrators,” a comprehensive study analyzing more than 10,000 U.S. state and local election administrators’ email phishing vulnerabilities. With fewer than 100 days left until Election Day, the report reveals that states are still in widely varying stages of cybersecurity readiness.

Key findings include:

  • The majority (53.24 percent) of state and local election administrators have only rudimentary or non-standard technologies to protect themselves from phishing;
  • Fewer than 3 out of 10 (28.14 percent) election administrators have basic controls to prevent phishing; 
  • Fewer than 2 out of 10 (18.61 percent) election administrators have implemented advanced anti-phishing cybersecurity controls; 
  • A surprising 5.42 percent of election administrators rely on personal email accounts or technologies designed for personal email (such as Yahoo!, Hotmail, AOL or others), to conduct their duties; and
  • A number of election administrators independently manage their own custom email infrastructure, including using versions of Exim known to be targeted by cyber actors linked to the Russian military that interfered in prior U.S. elections.

The interactive map below shows our rating system applied to every county in the United States. Where there is more than one election administrator in a county we have assigned the highest rating observed. The highest rating does not mean there are not severe cybersecurity risks to phishing in a given county based on our rating system. Further, it only takes one to cause significant damage.

Ninety-five percent of cybersecurity damages worldwide begin with phishing, and phishing campaigns come in all shapes and sizes. The majority of phishing campaigns begin with an innocuous and authentic email that individuals are unable to recognize as malicious. Consequently, the quality of email protection used by organizations and individuals has an inordinate bearing on their overall cybersecurity posture.

“Our elections are vital. They need to be resilient against whatever crisis the moment throws at us — and that requires resources and planning,” said Oren J. Falkowitz, co-founder of Area 1 Security. “However, most state and local election administrators are not very close to ensuring a safe election. This challenge is going to be exacerbated the longer it takes for them to get the resources and expertise needed to make changes.”

Area 1’s email security recommendations for state and local election administrators include:

  • Ending use of Exim email servers: Given the government’s guidance to update Exim to mitigate CVE-2019-10149 and other vulnerabilities including, but not limited to, CVE-2019-15846 and CVE-2019-16928, election administrators are urged to cease use of Exim. Upgrading alone does not mitigate exploitation. Prior Russian cyber activities directed towards U.S. elections make use of Exim ill-advised. For those who must continue running Exim, update to the latest version; running a version prior to 4.93 leaves a system vulnerable to disclosed vulnerabilities. Administrators can update Exim Mail Transfer Agent software through their Linux distribution’s package manager or by downloading the latest version from https://exim.org/mirrors.html.
  • Transitioning to cloud email infrastructure: Running custom email infrastructure requires network administrators to be perfect every single day. Instead, Area 1 Security recommends the use of cloud email infrastructure such as Google’s GSuite or Microsoft’s Office 365 in combination with a cloud email security solution.
  • Ending use of personal email technologies for election duties: Under no circumstances should election administrators use personal email for the conduct or administration of elections. 

Resources:

  • Report & Map: “Phishing Election Administrators”
  • Security Advisory: Exim Vulnerability

To learn more, visit www.area1security.com/2020elections. 

Area 1 Security is committed to Responsible Disclosure guidelines in all situations where it uncovers specific and verifiable campaign activity. As part of our commitment to those guidelines, Area 1 has been engaged with relevant stakeholders that have an interest in understanding this campaign in greater depth. 


For media and industry analyst inquiries, please contact Elaine Dzuba at [email protected]. For all other election security-related inquiries, please contact [email protected].

Want to keep up to date with the latest phishing trends?

Subscribe to our newsletter here!

Subscribe

With only 100 days until Election Day, Area 1 Security’s new “Phishing Election Administrators” report assesses the depth of current email security controls used by 10,000 U.S. state and local election administrators.

  • Cybersecurity
  • Election Security
  • phishing
  • Threat Intelligence
Related Blogs
 

Blog

What Phishing Threats Are Sitting in Your Inboxes Right Now?

Inbox Protection Assessment Every day at Area 1 Security we see Customers’ existing cybersecurity defenses miss phishing emails. Ransomware, data …

 

Blog

Area 1 Security Introduces Cyber Attack Preemption

Overview Targeted phishing is the number one cyber attack vector worldwide. Because these socially engineered attacks so easily pierce static …

 

Blog

How Innovative Detection Techniques Prevent Phishing

Is your security infrastructure able to block targeted phishing attacks? According to a recent research report, most organizations can’t. Specifically, …

View More Blogs >
Detect. Disrupt. Defeat.

No-Phishing Zone

Schedule A Demo
Area 1 Security

[email protected]

Sales 650.381.1647

142 Stambaugh Street
Redwood City, CA 94063

Partners
  • Product
  • Overview
  • Why Area 1
  • Technology
  • Demo Request
  • Solutions
  • Resources
  • Company
  • About
  • News
  • Events
  • Careers
  • Contact Us
  • Blog
Area 1 Security
  • Product
  • Overview
  • Why Area 1
  • Technology
  • Demo Request
  • Solutions
  • Resources
  • Company
  • About
  • News
  • Events
  • Careers
  • Contact Us
  • Blog

[email protected]

Sales 650.381.1647

142 Stambaugh Street
Redwood City, CA 94063

Partners
© 2021 Area 1 Security
  • Trust Center
  • Privacy