On July 10th, Joe Biden’s US presidential campaign announced it was hiring a Chief Information Security Officer (CISO) and a Chief Technology Officer (CTO).
Biden’s campaign team told The Hill that these security professionals would help “mitigate cyber threats, bolster… voter protection efforts, and enhance the overall efficiency and security of the entire campaign.”
This development confirms what cybersecurity experts have long understood — that, just like businesses, political campaigns require a CISO. We’ll tell you why.
Are political campaigns likely targets of cybercrime?
Rates of cybercrime — and the sophistication of cybercriminals — continue to increase across all sectors. Whether it’s phishing attacks, malware, ransomware, or brute force attacks, incidents are on the rise. Political campaigns are likely targets for several reasons:
- Political campaigns are a cornerstone of the democratic process
- They process the personal information of thousands of voters
- They handle confidential and security-sensitive information
These aren’t anecdotal reasons. Political campaigns have been targeted by cybercriminals before.
For example, in 2016, Hillary Clinton’s campaign manager, John Podesta, received a spear phishing email disguised as a Google security alert. Podesta followed a link, entered his login credentials, and exposed over 50,000 emails to malicious actors. This is a great example of how human error can lead to data breaches and goes to show that anyone can make a mistake.
That’s why cybersecurity is so important.
How can a CISO help a political campaign?
Hiring a CISO — and thus improving the cybersecurity of political campaigns — has three main benefits:
- Safeguarding the democratic process
- Protecting voter privacy
- Maintaining national security
Let’s explore each of these in a bit more detail.
Safeguarding the democratic process
Whatever your political persuasion, it’s hard to ignore headlines that detail the role cybercriminals played in the 2016 US election, including:
- Cyberattacks occurred against politicians
- Electoral meddling undermined voters’ faith in the democratic process
- Better cybersecurity could have mitigated the impact of electoral cyberattacks
A CISO ensures better coordination of a political campaign’s IT security program. This can involve:
- Mandating security software on all campaign devices
- Setting up DMARC records for domains used in campaigning
- Assessing risk and responding to threats
- Increasing staff awareness of good cybersecurity practices
Of course, these functions aren’t specific to political campaigns. A CISO’s job, whether at a big bank or a law firm, is to safeguard systems, data, and devices by implementing policies, procedures, and technology and to help build a positive security culture.
The difference, though, is that while a CISO at your “average” organization helps prevent data breaches and other security incidents, the CISO of a political campaign does all of this while also helping maintain faith in the process among voters.
Keep reading to find out how.
Protecting voter privacy
Political campaigns must communicate directly with individual voters, which means those working on the campaign have access to highly sensitive information. And we’re not just talking about names and addresses. Even a person’s intention to vote is highly sensitive personal information.
While – yes – many people publicly proclaim their ideology and voting intention via social media, those people don’t expect their information to be mined by data-harvesting software, combined with other personal information, and shared with unauthorized third parties. They simply want to share their views with friends, family, and followers.