Hack the Vote: 3 Critical Lessons for Business

Posted November 4, 2016

Hack the Vote: 3 Critical Lessons for Business

This Election Season, Democracy is in the Crosshairs of Hackers. The Real Target? Your Brand.

It’s enough to make you miss the “October Surprises” of yesteryear.

Gone are the days when last minute revelations could throw an unexpected wrench in the eleventh hour of a bitter presidential campaign.

Today, these factors are exacerbated by endless months of email hacks aimed at eroding candidate support and even confidence in the integrity of our democratic process. Factor in the particular dynamics of Election 2016, and it’s no wonder there’s so much anxiety about the outcome of Tuesday’s vote.

Will hackers infiltrating state elections systems alter the results of the election? Not likely.

But that doesn’t mean there isn’t cause for concern—or lessons to be learned by brands that may soon discover that they’re the real targets.

Chaos Theory

Over the last few weeks, the Department of Homeland Security has revealed that hackers have indeed compromised the voter registration systems of more than 20 states.

But it’s important to differentiate these attacks from those perpetrated on the Democratic Party and revealed through entities like WikiLeaks. While those assaults are openly designed to sow chaos, most hackers have their eyes on something else entirely.

The truth: US election results are nearly impossible to manipulate, mostly because our voting systems are so antiquated. Instead of an integrated whole, we have decentralized systems that are generally not even connected to the Internet, let alone to one another.

Many of these state systems are in desperate need of modernization. But their disconnected nature is actually by design—and this year at least, this lack of technical sophistication may be a saving grace.

So what’s the danger? Those attacks on state systems aren’t aimed at altering votes at all. Instead, their focused on stealing the identities of your customers and prospects.

In Illinois, for instance, hackers recently stole roughly 90,000 voters’ personal information—including their names, driver’s license numbers and the last four digitals of their Social Security Numbers. If there was a political motive, the data would have been altered or deleted. But that was not the case.

“Whoever did that hack really just wanted the voter data,” says Joseph Lorenzo Hall of the Center for Democracy & Technology. Why? According Lorenzo, it’s simple: Voter registration data is some of the most useful for committing identity fraud.

Collateral Damage

In other words, election system hacking isn’t likely to be a threat to democracy. But it still may end up costing your brand a bundle.

To protect yourself, it’s critical to absorb the lessons to be learned from these developments.

  • Don’t be a soft target: When Election 2016 fades from the headlines, so too might talk of data breaches on voting systems. But the threat of this to your company will remain, whether from foreign powers or (more likely) ruthless cybercriminals. As predators armed with an increasing amount of pilfered data seek to pick off easy targets, you don’t want to be the slowest gazelle in the herd. Your defenses against identity fraud will determine whether your brand gets a vote of confidence from consumers.
  • Don’t overlook your weakest links: Even organizations with the most hardened defenses are vulnerable to human mistakes that can put your systems and data at risk. In Arizona, the state’s voter registration system was recently compromised when an election official’s credentials were found for sale on the Dark Web. The painful reality is that asking individuals to authenticate with an email address and password is woefully inadequate—especially when legitimate credentials are stolen and propagated so easily.
  • Verify, then trust: It’s not like you can treat every customer like a criminal until they can prove they are who they claim to be when they conduct business online. To be effective, your systems need access to shared, global intelligence that can be used to transparently authenticate website visitors. IP and device identification help, but being able to use established patterns of digital behavior significantly increases the fidelity of the trust signal so you can confidently recognize good customers without compromising the user experience—while keeping the digital world’s true deplorables out of your systems.

It may not be your patriotic duty. But it is smart business for every brand.

Armen Najarian

Armen Najarian

Chief Marketing Officer, ThreatMetrix

close btn