Microsoft revealed in a blog post that hackers associated with Iran have targeted a 2020 presidential candidate. The threat group, called Phosphorous, made more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft accounts and then attack 241 of those accounts. The targeted accounts were associated with a presidential campaign, current and former U.S. government officials, journalists and prominent Iranians living outside the country.
This attack reinforces that the main threat to the U.S. presidential election is not really on Election Day. Intelligence experts have repeatedly warned us that nation-states, criminals, and political partisans will attack our American election system and American electoral process in 2020. Our country is preparing for these election security issues and elevating 2020 election security by modernizing voting systems and introducing security into many layers of the process, including the recording and tallying of votes.
But voting security on the day of the election shouldn’t be our only worry. The attacks by Phosphorous show that nation-states are now involved in cyber attacks at a grand scale. Phishing attacks, spoofing, man-in-the-middle attacks, unmanaged BYOD, and more pose huge risks in the lead up to Election Day. With the proliferation of mobile and cloud technologies, there are more potential access points to be exploited than ever before.
Presidential campaign leaders need to ensure that their data is protected, wherever it travels. Zero trust assumes that bad actors are already in the network and grants secure access to resources based on a “never trust, always verify” approach. This approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user.
MobileIron’s mobile-centric zero trust platform addresses the security challenges of the perimeter-less organization while allowing the agility and anytime access that presidential campaign leaders need. MobileIron’s platform is built on the foundation of award-winning and industry-leading unified endpoint management (UEM) capabilities with additional zero trust-enabling technologies, including contextual conditional access, zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat defense (MTD).
Every campaign leader should immediately implement a zero trust security framework to ensure only authorized users, devices, apps, and services can access business resources moving forward.