US 2020 Presidential Campaign Cyber Security Examined

Uploaded on 2019-10-14 in GOVERNMENT-National, FREE TO VIEW

The US Internet Society’s Online Trust Alliance (OTA) is a cross- industry organisation which identifies and promotes security and privacy best practices that build consumer confidence in the Internet.

They have recently conducted an evaluation of the 2020 US presidential campaigns, examining three main categories: 

  • Privacy – data sharing, retention, notice, and third-party restriction policies in the privacy statement, as well as analysis of third-party tracking on the website
  • Website Security – server security, use of encryption for web sessions, protections such as firewalls and potential site vulnerabilities
  • Consumer Protection – protection of email via authentication and encryption between servers, and protection of domains from hijacking

As with making any payments or donations, or signing up for any online service, users are encouraged to evaluate campaigns to see if the published practices are consistent with their individual expectations regarding the collection, use, and sharing of their data.

As outlined in this report, the published privacy statements vary significantly, from stating that they disallow any sharing to language effectively enabling campaigns to share personal information broadly with any third party.
 
As cyber threats increase and privacy concerns heighten, the relevancy and timeliness of this report is significant, underscoring the imperative that data security, protection, and privacy need to be integrated into every service, business process, website, and mobile application, whether commercial or political.

Source: Internet Society


 
All campaigns listed in the failure column had a failure in the privacy category, and two campaigns also failed in the consumer protection category.

Overall, the survey found that campaigns have strong website security, reasonable email and domain protections, and poor privacy scores. Privacy statements are the biggest concern, causing failure for 70% of the campaigns.

Internet Society

You Might Also Read: 

Foreign Cyber Intrusions On The USA:

 

« Iranian Hackers Deploy New Spear-Phishing Techniques
Good Cyber Security Practice On The Go »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

44CON

44CON

44CON is an Information Security Conference & Training event taking place in London. Designed to provide something for the business and technical Information Security professional.

NextPlane

NextPlane

NextPlane provide secure real-time B2B unified communication and collaboration solutions within and across business systems.

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

ISF Annual World Congress

ISF Annual World Congress

ISF Annual World Congress, our flagship global event, offers attendees an opportunity to discuss and find solutions to current security challenges.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

National Institute of Information and Communications Technology (NICT)

National Institute of Information and Communications Technology (NICT)

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Diateam

Diateam

Diateam is an R&D company specializing in computer security. Diateam develops highly innovative cyber range platforms and Industry-leading systems for cybersecurity training and testing labs.

Vigilant Technology Solutions

Vigilant Technology Solutions

Vigilant is a global cyber security technology company offering solutions to manage entire IT & cyber security lifecycles.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

Digital.ai

Digital.ai

Digital.ai empowers organizations to scale software development teams, continuously deliver software with greater quality and security.

White Knight Labs

White Knight Labs

White Knight Labs is a cyber security consultancy that specializes in cybersecurity training.

Codezero Technologies

Codezero Technologies

Codezero is at the forefront of microservices development, employing an identity-aware overlay network that delivers zero-trust security to DevOps.