The US Department of Homeland Security is warning state election officials that phishing attacks are one of the greatest threats to watch out for as the 2020 elections approach.

Fifth Domain reports that Geoff Hale, director of the DHS’ Election Security Initiative, told a gathering of secretaries of state last week that phishing is what was used in past US elections to successfully breach networks belonging to political parties and state governments.

“We know that phishing is how a significant number of state and local government networks become exploited,” Hale said. “Understanding your organization's susceptibility to phishing is one of the biggest things you can do.”

The complexity and interconnectedness of the attack surface makes it extremely difficult to prevent these attacks from getting through, and it increases the damage that attackers can cause once they succeed. California's Secretary of State Alex Padilla said that “you can read the Mueller report on what the most effective strategies were that the Russians engaged in, and most cyber experts will tell you that it’s still phishing attempts that are rampant.”

Attackers of all skill levels use phishing because it works so well, and there’s no limit to the number of attempts they can launch. New-school security awareness training is one of the best defenses against phishing, because it addresses the actual target of the attack.

Fifth Domain has the story: https://www.fifthdomain.com/critical-infrastructure/2019/07/03/the-biggest-concern-for-election-security-may-be-phishing/