On November 5, 2018, millions of Americans will go to the polls to vote in the midterm elections. But, unfortunately, much of the election discussion isn’t about politics but cybersecurity. You probably recall that the last major U.S. election was marred by controversy. There was the cyber attack on the Democrats, Hillary Clinton and John Podesta’s personal emails were leaked, and Facebook allegedly enabled electoral interference.
To avoid similar problems this time, Congress has allocated $380 million to improving the nation’s cybersecurity defenses.
“There is no going back to the way things were,” said Rhode Island Secretary of State Nellie Gorbea, co-chair of the Elections Committee at the National Association of Secretaries of States. “We have to constantly be wary and face the facts that our elections are under threat at an international level. We have to safeguard our democracy.”
Where is the money going?
The Election Assistance Commission has confirmed that 26 states have received additional funding. Every state that requested funds received at least $3 million, but more heavily populated states received larger sums. Texas was granted the biggest share ($23 million), followed by New York ($19.4 million), Florida ($19.2 million), and Pennsylvania ($13 million).
Many states are using the money to make last-minute improvements, such as information security training for staff, hiring cybersecurity consultants, and bolstering their verification processes. Several states also intend to conduct post-election audits.
The money will also go toward long-term improvements, with voter registration systems set to be upgraded or replaced across the country.
These are all positive changes, but Thomas Hicks, the commission’s chairman, said that many state election officials wanted even more money. This is a familiar problem in cybersecurity – and business in general for that matter. There are limited resources, so not everyone’s needs can be met. As such, whether you feel short-changed or not, it’s important to learn how to spend your budget wisely and prioritize the most important things.
For the U.S. in the run-up to the midterms, that has meant select changes to the fundamentals of information security: people, processes, and technology. This is a good strategy, and one that all organizations should consider.
Cybersecurity and the GDPR
Working with tight cybersecurity budgets is something you probably experienced following the introduction of the EU GDPR (General Data Protection Regulation) in May 2018.
The GDPR applies to the personal data of all EU residents, irrespective of their location, meaning many U.S. organizations are affected. Even if they aren’t, the Regulation is something they need to pay attention to, because it has become the global standard for protecting personal data. Its framework is already gaining influence and being incorporated into data protection laws across the globe, and many organizations require potential partners or clients to comply with the GDPR’s requirements.
Watch our GDPR webinar
You can learn more about the Regulation by watching our free webinar: GDPR compliance and information security: reducing data breach risk. It covers:
- An overview of the GDPR
- How adopting ISO 27001, the international standard for information security, can help you comply with the Regulation
- The biggest risks to your information security
- What you should do to mitigate the risk of, and respond to, data breaches
- The GDPR’s technical and organizational requirements
This webinar takes place on Tuesday, October 23, 2018, at 1:00 pm (EDT). If you can’t make it, the presentation will be available to download from our website, where you can also view our past webinars.