This year is one of the biggest for elections around the world, with 64 countries heading to the polls. The UK government and the NCSC have already issued warnings that current geopolitical tensions may lead nation-state actors attempting to meddle in election results through various cyberthreats.
Beyond the threat of nation-state activity, this year marks the first large-scale election in the UK in the time of deepfakes and AI, which have the potential to spread misinformation and disrupt the integrity of the country’s democratic processes.
Trustwave’s latest threat report focuses on vulnerabilities and cybersecurity dangers within the public sector. Worryingly, part of our findings showed a significant amount of election-related data and information being shared on underground Dark Web forums.
Threat actors were seen to be selling voter registration rolls, election results, and internal communications, which can be used to target individual voters or eradicate trust in the UK’s democracy. Another concern is that this information poses a threat against national and public safety. As such, it’s vital for governments to adopt the right threat intelligence capabilities to stay ahead of bad actors and maintain full visibility over their networks and on underground forums.
The evolution of AI and deepfakes
AI and deepfakes are becoming increasingly sophisticated and used for malicious purposes. In the run up to July 4th, Britain’s Cyber Agency has already warned the public to be wary of progressively realistic deepfake videos being used to spread misinformation and cause fear. One such example is the audio clip of Labour party leader Sir Keir Starmer verbally abusing party staffers and criticizing Liverpool in September last year.
While measuring the impact of this type of misinformation is a notoriously difficult task, it’s crucial for governments to understand its impact on the integrity of elections and how to limit its effects.
Moving forward securely
Fortunately, the UK has already introduced several new policies addressing the vulnerabilities around elections. Alongside the government’s vision to be a ‘leading and responsible democratic power’ by 2030, the UK has established a Defending Democracy Taskforce that oversees the election process and ensures tight security procedures are in place.
Mitigating cyber risk isn’t always easy, however, as we’re seeing the evolution of sophisticated threat actor tactics and the use of cybersecurity attacks ‘as-a-service.’ These allow attackers to increase their chances of success without the necessary skills they would need to manually launch an attack. In addition, this makes it more complex for governments to attribute attacks to specific states or groups and even unsuccessful attacks can cast aspersions on democratic outcomes.
Ultimately, it’s vital for governments and public sector organizations to work collaboratively toward a more secure electoral process and share best practices in order to reduce risk. In today’s geopolitical landscape, it’s vital that the government understands the seriousness of an attack on electoral processes, and ensures that cybersecurity has been tightened in order to uphold UK democratic integrity.
Image Credit: Roibul/Dreamstime.com
Barry O’Connell is the General Manager of EMEA regions at Trustwave. Barry has spent more than 20 years leading digital transformation and cybersecurity organizations. He has extensive experience driving multi-million-dollar businesses throughout Europe and the United States. Most recently, Barry was EMEA General Manager at DXC. Previously he held a number of executive leadership roles at HPE in areas such as Corporate Development, Managed Security Services and Professional Services.
