April 30, 2019

2020 Presidential candidates at risk from poor email security

By Ellen Daniel

Email is the origin of 96% of data breaches, which can have serious consequences for businesses, individuals, and in the context of politics, candidates and their campaigns.

During the 2016 presidential campaign, chairman of Hilary Clinton’s campaign John Podesta was the victim of a spear-phishing attack, which led to the now-infamous WikiLeaks email publication, ultimately derailing the campaign and influencing the result of the election.

In France, a similar thing happened in the run-up to the 2017 French presidential election, when emails from Emmanuel Macron’s campaign were leaked.

However, despite these lessons from the past, nearly all of the top-tier candidates running in the 2020 US presidential election are unprotected against email attacks, fraud and data breaches.

This is according to a new report published today by Agari. The cybersecurity company investigated the email security of the top 12 Democratic and Republican candidates and indexed their campaigns’ adoption of email authentication technology.

It found that 10 of 12, or 83%, have no additional protection beyond basic security included in Microsoft Office 365 or Google Suite. Furthermore, 11 have failed to implement email authentication, leaving them vulnerable to candidate impersonation and donor fraud. Elizabeth Warren was the only candidate with both email authentication and advanced email security.

Email authentication failings put candidates and voters at risk

The use of email authentication is a way of proving that an email comes from the person it says it does and with nearly 30% of advanced email attacks coming from hijacked accounts, it is an important area of cybersecurity. Without it, email accounts are vulnerable to email security-initiated breaches, the types of attacks typically instigated by nation-states. This leaves not only candidates, but also voters, donors and staff members at risk.

Patrick Peterson, CEO of Agari said:

“As a company founded on the sole principle of protecting digital communications so that humanity prevails over evil, we feel a strong sense of duty to do our part to ensure the 2020 U.S. presidential election cycle is contested on a fair field and not one influenced by bad actors or nation states.

“Every day we, at Agari, witness the devastating effects of cybercrime: sensitive data being stolen, people being defrauded out of money, identities being compromised. And every day we work to put those demons back into the bottle.

“Email, by far the most common communication medium, is being weaponized by advanced sophisticated attackers who find it far too easy to send targeted messages that do real harm to people and abuse the fundamental freedoms we enjoy as US citizens, like the right for our votes to decide election outcomes. Our technology shines a light into the dark corners where cyber criminals operate so that they can be caught.”