.png?width=40&height=40&name=search%201%20(1).png){kind=small}
We talked about the vulnerability of presidential campaigns in March. We talked about the reality of election threats in September. And now, after almost a full year of discussion, we’re dealing with the aftermath—the FBI and CIA agree that Russia hacked pieces of our election to put Donald Trump in office!
So, what happened? Did a massive state-sponsored attack manipulate our voting machines? Did Russian super spies use their hacking skills to derail the Clinton campaign?
No. Our election was impacted by a basic phishing attack—an age-old issue that now has global consequences.
The DNC email hack was (and continues to be) an important part of the 2016 election narrative. But that’s not what we’re talking about right now.
The most recent discoveries of Russia’s election hacking are related to a March 19, 2016 hack of John Podesta, Hillary Clinton’s campaign chair.
Podesta received a suspicious email claiming that he had to click a link to reset his Gmail password immediately. He did the right thing and contacted his IT team after noticing that something wasn’t quite right.
But the IT team told Podesta that the email was legitimate! IT leaders instructed Podesta to reset his password immediately and enable two-factor authentication (which wasn’t configured at the time). They provided a safe link to reset the password, but something got lost in translation and Podesta clicked the malicious link in the email.
This phishing attack gave Russian hackers a presence in the Clinton campaign’s email servers. They evaded detection from March through October when Podesta’s emails started popping up on WikiLeaks.
Reports note that Podesta’s emails were irrelevant to the Clinton campaign, but the media coverage of email hacking became a major point in the election race nonetheless.
News outlets will continue to debate the impact these hacks had on the election, but let’s look beyond politics. What do the Russian election hacks say about the state of cybersecurity?
How many times do we have to read that human error is the leading cause of data breaches before we do something about it?
Yet again, this year’s Verizon Data Breach Investigation Report found that human error (resulting in successful phishing attacks, unpatched/vulnerable systems and more) is the primary way that attackers take advantage of our networks.
In the Podesta scenario, human error was on full display. But not just on the employee’s (Podesta’s) part—on the part of the IT team! Not only that, but attackers persisted in the email servers for over 6 months and the only reason they were detected seems to be that emails were released to the public. This just can’t happen under today’s cybersecurity pressures.
We say it again and again, but greater network visibility is critical to overcome these age-old human error and detection problems. There will always be human error—people aren’t perfect. But these attackers are too smart for us to think they won’t find the dark corners of our networks.
Design a connectivity strategy that ensures all the data is passed to your monitoring and security tools. After all, your tools are only as good as the data they receive. If you’re still relying on SPAN ports for network monitoring and visibility, you are dropping packets and your tools are not providing you the visibility required to trigger alerts based on aberrant behaviors.
How do you know what is aberrant behavior?
As we’ve seen, network breaches have implications beyond remediation costs. For each industry or sector – the outcome varies – maybe it’s to change public perception, maybe it’s to hold a patient information hostage, or maybe it’s for a quick few bitcoins.
Knowing your baseline traffic is not a one and done exercise. This is an ongoing process, that each year needs a refresh.
Start now with downloading our free white paper, How to See Your Baseline Traffic.