User Credential Compromise
Attackers will look to breach the accounts that offer the least resistance and escalate their way up to the users with more valuable information, according to Todd Moore, Gemalto's senior vice president of encryption products. Consistency often proves elusive, Moore said, since a small funding base at the local government level means their data protection and access control capabilities lag behind state and federal counterparts.
A compromised user name or password is the single easiest way in for bad actors since the system isn't able to distinguish between the intended or an unintended user entering the right password, according to Jason Hart, Gemalto vice president and CTO for data protection. By gaining access to election data, Hart said bad actors can cause reputational damage and discredit a candidate or their entire campaign.
Access control safeguards should go beyond multifactor authentication, Moore said, and include biometrics, fingerprints, keystroke examination and other environmental factors to ensure the bad guy isn't able to enter with just a password. And should a bad actor breach the perimeter, Moore said strong segregation and classification of data should help prevent access to the crown jewels.