Unified Security Readiness During the Election Season

Elections are the backbone of American democracy. Every vote counts, and agencies can help protect the integrity of voting by solidifying IT security. Keeping hardware and software updated is vital for successful cybersecurity. Through proper training and inter-organization communication, security industry leaders and Government agencies can help raise awareness on election-related issues.

Cyber Threat Landscape and Security Challenges in Modern Elections

By taking advantage of interest in elections, bad actors use common and highly trafficked websites to distribute remote access tools, allowing them to exfiltrate massive amounts of data. Traffic distribution system (TDS)—which are utilized to target ads to users, their search history and their location—are used by bad actors to push pop-up ads that prompt users to update their computer system or software. These pop-ups, hidden in TDSs, install ransomware and malware on the user’s device when clicked, making them difficult to find and fix. There is an uptick in these non-stop, ubiquitous attacks every election cycle. Bad actors target users that visit websites to stay updated on election news through pop-ups, phishing, web browser alerts and website subscriptions. All these methods lead users to socially engineered, compromised websites. However, agencies can prevent cybersecurity attacks at the office and at home by administering relevant security awareness training as part of a Human Risk Management Program.

Optimize Company Training on Security Awareness

ProofPoint Election Security Blog Embedded Image 2024

Employees trust their organization as a valuable source of security information. Therefore, it is important that agencies communicate training and awareness effectively to all users. Some anti-phishing modules rely on realignment methods such as enrolling employees for anti-phishing training after they are misled by these kinds of threats. This can create an environment where employees question whether to alert IT when they click on false updates or phishing scams. Instead, agencies can focus on promoting positive behaviors such as congratulating employees who report phishing attempts, small bite sized trainings, and focused awareness campaigns around threats in the landscape. Here are several ways agencies can support their employees in learning and implementing security best practices during this election season:

Focus on real-time awareness: Agencies should prioritize keeping employees up to date on live threats. Traditionally, users were encouraged to keep systems up-to-date by accepting update notices.  Now, to keep systems up-to-date while simultaneously discouraging pop-up clicks,

Contextualize email warning tags (EWTs): Emails are a great way to communicate awareness surrounding popular hacking methods. Including banners or visual cues, such as color themes, can help employees recognize company emails, giving them pause when faced with phishing threats. During election cycles, newsletters should focus on deepfakes and their effect on elections.

Utilize modules on demand: People trust their tech company or Government agency’s knowledge more than the news. Security awareness modules, training modules and weekly reminders can all help raise awareness among employees. By allowing users to access education modules at their own pace, agencies can pass on valuable knowledge in a way that is pressure and judgement free.

Focus on relevant topics: Modules should be relevant to employees. For example, training modules should be specific to each user’s job role. Short, one-to-two-minute targeted modules that hold the viewer’s attention can be more valuable than long, untargeted modules. During election cycles, the best modules cover election security, fake updates and safe browsing habits.

Teach at the trainee’s level: Agencies should meet employees at their level. Training should be tailored differently for users who may have more experience using the internet on a regular basis and users who did not have internet as a daily part of their education. Agencies must communicate with employees on security strategies, especially those with higher permission access.

Through all these methods, agencies should focus on the good, positively reinforcing employees and building trust between the individual and their organization. 

Transform Company Culture Through Transparent, Unified Security

Focus on the Why: To protect from fake updates and phishing scams, organizations can implement training and assessment strategies into their work culture. Transparency is key: by explaining the purpose of phishing simulations, employers can get employees on board with cybersecurity training. Agencies can use realistic, election-themed phishing simulations during module assessments, which work best in real-time scenarios rather than during training. By monitoring results, agencies can gauge whether users are adequately equipped with the knowledge to report threats within simulations.

Encourage Feedback and Build Trust: By checking in with users after training modules and simulations, agencies can ensure the training has resonated with users, as well as ensuring users do not view trainings as punitive action. The most important part to training simulations is that employees report phishing or pop-up scams to their organization, regardless of if they clicked on them or not. Trainers and leadership teams should use positive reinforcement as corrective behavior to encourage employees to better understand modern scams and how to spot them. It is important to establish that the employee is not in trouble, lest they feel that they cannot report future scams to the organization. Instead, training administrators should build conversations around the reason for clicking. Whether or not the employee was in a hurry, if they had specific training, if they need help or if scams were fallen for at a particular time of day are all valuable information points for preventing future oversights.

Creating a Security Culture: Visual aids placed in common areas are also a valuable learning reinforcement because repetition can help employees remember the most important details surrounding security. Common-sense posters and announcements can be placed in elevators, breakrooms and even on the back of bathroom stall doors. Additionally, agencies should administer regular updates and ongoing education through newsletters, and programming should be consistent and personable. Agencies can:

  1. Send reminders
  2. Share real-world examples
  3. Encourage discussion
  4. Provide easy action items (such as restarting computers daily)
  5. Provide resources for learning and reporting

Unity is key to transforming organizations’ culture, creating awareness around digital hygiene and cybersecurity. Ultimately, repetition, consistency and discussion can help users stay safe and protect the organization from phishing, pop-up scams and other cybersecurity related risks during the election cycle.

To learn more about election security readiness, visit Proofpoint and Carahsoft’s webinar, Navigating the Cyber Threat Landscape: Election Scams. To learn more about Proofpoint’s Human Risk Reduction Solutions, please visit their website. Check out Proofpoint and Carahsofts’ past webinars into the cyber threat landscape.

The 10 Cybersecurity Events for Government in 2024

In the fast-paced world of Cybersecurity, staying ahead of evolving threats and industry trends is paramount for Government agencies and the ecosystem that supports them. From in-depth discussions on certification processes to cutting-edge solutions for modern cyber threats, Carahsoft and our partners’ cybersecurity events promise to provide valuable insights, networking opportunities and practical strategies for enhancing Government cybersecurity posture.  
 
Join us as we delve into cybersecurity excellence and empower Government entities to navigate the digital landscape with confidence and resilience. 

Public Sector Day at RSA Conference 

May 6 | San Francisco, CA 

Attendees joined us for our 11th Annual Public Sector Day event at RSA Conference. They heard from pioneering figures in Government as they shared their perspectives on the forefront cybersecurity challenges facing the Public Sector. As cyber threats continue to challenge all levels of Government, attendees learned how Government and industry are working together to protect communities at all levels from ransomware, thefts of data, election security challenges and attacks on critical infrastructure. Carahsoft was proud to host this event for our 11th year. We will be back in 2025 in San Francisco and hope to see you there! Access our podcast series for a recap of the sessions and discover how to protect your organization’s sensitive information by leveraging compliant cloud authentication services.  

AFCEA TechNet Cyber 2024 

June 25-27 | Baltimore, MD 

A flagship event, AFCEA’s TechNet Cyber serves as a center of gravity for a whole-of-government effort to bring together the policy, strategic architecture, operations and C2 – along with the joint capabilities – needed to meet the global security challenges and successfully operate in a digital environment. Join us in Baltimore and be part of the conversation led by U.S. Cyber Command, DISA, the DoD CIO and numerous industry and academia partners to deliver solutions for this enduring, no-fail mission. Carahsoft will host a pavilion on the exhibit floor that features more than 50 of our technology partners showcasing a range of cybersecurity solutions. Visit our website for more information! 

2024 SANS Government Solutions Forum  

July 25 | Online 

Government agencies face a continuing stream of legislative, executive and oversight recommendations, constantly keeping teams and technologies on their toes. This SANS Government Security Forum equips Public Sector cybersecurity teams with the essential knowledge to address these challenges and modern threats head-on. Carahsoft has partnered with SANS to host this event for our third year in a row. Hear from Government and industry leaders on the latest in cybersecurity. 

DOE Cybersecurity and Innovation Conference 

July 29 – August 1 | Dallas, TX 

Carahsoft is proud to be a sponsor of the DOE Cybersecurity and Innovation Conference. This event will explore the developments and challenges in cybersecurity, technology innovation, workforce development, and critical infrastructure protection. Speakers and attendees will include top thought leaders from across the DOE enterprise, the federal interagency, academia, international partners, and private industry leaders for thoughtful conversations about cybersecurity, modernizing IT and OT environments and solutions, sharing tools, data management, technology, and best practices with the energy industry, and developing technical solutions to meet national challenges. 

Carahsoft will have a booth on the exhibit floor that features and handful of our technology partners showcasing a range of cybersecurity solutions. We will also host a networking happy hour on July 30th from 7:30 – 9:30 pm CST. Stay tuned for more information! 

Black Hat USA 2024 

August 3-8 | Las Vegas, NV 

Now in its 27th year, Black Hat USA returns to the Mandalay Bay Convention Center in Las Vegas with a six-day program. The event will open with four days of specialized cybersecurity trainings with courses for all skill levels. The two-day main conference (August 7-8) will feature more than 100 selected briefings, dozens of open source tool demos in Arsenal, a robust Business Hall, networking and social events and much more.  
 
Carahsoft is pleased to host a networking reception for our vendor partners and their customers. Join us for food, drinks and networking!  

Billington CyberSecurity Summit 2024 

September 3-6 | Washington, D.C. 

Join over 2,500 attendees and 200+ top speakers participating in more than 40 sessions and breakouts at the leading Government cybersecurity summit. Hear from speakers with years of experience in mitigating cyber threats, offering valuable insights. Government, military, nonprofit, academia and industry thought leaders will present major cyber trends and discuss solutions for current field issues. Carahsoft and more than 50 partners will showcase a full range of cybersecurity solutions in our partner pavilion on the show floor. Register Now

The National Cyber Summit 

September 24-26 | Huntsville, AL 

National Cyber Summit is the nation’s most innovative cybersecurity technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising leaders. NCS offers a cyber conference with diverse focus-areas, premier speakers and unmatched accessibility focused on education, collaboration and innovation.  
 
Visit Carahsoft at our booth on the show floor and explore our CMMC Solutions Showcase. 

Carahsoft Cyber Leaders Exchange 

October 1-2 | Online 

Discover how agencies are leading the way as the Government “fundamentally re-imagines America’s cyber social construct”. During this exclusive two-day virtual event, Federal News Network and Carahsoft will sit down with cyber leaders and experts to dive deep into efforts across Government to bring the White House vision to life and strengthen Federal cyber capabilities. Tune in for multiple sessions featuring some of our leading technology partners.   

Innovate Cybersecurity Summit 

October 6-8 | Scottsdale, AZ 

Powered by the collective knowledge of cybersecurity executives, practitioners and cutting-edge solution providers, Innovate Cybersecurity Summit is the premier resource for CISO education and collaboration. The Reverse Expo, a featured session, is a highly interactive engagement model and a refreshing way for technology vendors to meet with attendees. Carahsoft is a premier sponsor of the event and will have a partner pavilion featuring some of our leading cybersecurity partners as well as networking events throughout the summit. 

Carahsoft Cybersmart Series: State and Local Government 

November 7 | Austin, TX  

Carahsoft has partnered with FedInsider for a series highlighting and discussing topics on cyber in Government. Join us to hear cyber experts in State and Local organizations discuss the latest cybersecurity threats to the Public Sector and what steps State and Local agencies are taking to protect against them. This year’s half-day event focuses on how the release of AI into the broader computing environment is affecting cybersecurity strategies across the Public Sector. Collaborate with peers, thought leaders and key partners in Austin or watch the panel discussions online in a follow-up webinar!  

Do not miss out on the opportunity to engage with industry experts, explore innovative solutions and network with like-minded professionals at our 2024 events. Secure your spot today and take proactive steps towards safeguarding your organization’s critical assets in an ever-evolving cyber landscape. Together, let us strengthen our cybersecurity defenses and pave the way for a more resilient Government cybersecurity ecosystem.  

To learn more or get involved in any of the above events please contact us at CyberSecurity@carahsoft.com. For more information on Carahsoft and our industry leading Cybersecurity technology partners’ events, visit our Cybersecurity Solutions Portfolio and Cyber Events page

People Plus Technology: Building a Resilient Federal Cyber Workforce

Filling cyber jobs in Federal agencies is complicated – it requires competing with industry salaries, retaining existing talent and navigating the Federal hiring process. It’s a far-reaching challenge that affects every agency – the administration knows that, the Office of Personnel Management knows that, and agency technology and human resources leaders know that. And federal C suite leaders realize how the government recruits, hires and retains people for cyber jobs has to change. In partnership with FNN, our Federal Cyber Workforce guide takes a look at what the government is doing to tackle this problem on a sweeping federal level and also on a more agency-specific level. We also get industry perspective on the technologies that affect cyber workforce resiliency. We hope it provides some guidance and help as your agency works to beef up its cybersecurity, both through investments in people and technology.

 

Carahsoft IIG FNN July Cyber Workforce Blog Embedded Image 20233 Key Rallying Points for a Resilient Cybersecurity Team

“Agencies are currently operating in a high-threat environment, but that doesn’t mean they can’t implement a reasonable amount of information assurance. It may not be perfect, but it doesn’t have to be. The idea is to make it so that adversaries have to work extremely hard to penetrate the infrastructure. The adversaries are good, but agencies can be better with a resilient cybersecurity team, said Mark Bowling, chief risk, security and information security officer for ExtraHop. The key to achieving this is to have a risk reduction perspective.”

Read more insights from Mark Bowling, Chief Risk, Security and Information Security Officer at ExtraHop.

 

Do not Wait for a Breach: Why to Adopt Proactive Approach to Cyber Resilience

“When most people talk about cyber resilience, they’re referring to post-breach recovery — the means, methods and speed with which an organization can get its systems and services back online after a cyber incident. But Felipe Fernandez, federal chief technology officer at Fortinet, views resiliency more holistically. His advice? Agencies need to take a proactive stance on cyber resilience and include not only recovery from breaches but also when their planning for non-malicious threats and other operational disruptions, including those associated with cloud-based services.”

Read more insights from Felipe Fernandez, Federal Chief Technology Officer at Fortinet.

 

Proactively Improve Digital Employee Experience Though Automation

“Digital modernization and the adoption of collaboration tools is supposed to make work easier, especially in a hybrid environment. Employees want the flexibility to be productive in whatever manner best suits them. Unresolved technology issues can impede productivity. In its latest survey of industry employees and IT professionals, Ivanti found that 49% of employees are frustrated with the tools they use and 26% are considering leaving their jobs because of that. Employee experience is a top priority in government right now, and employees are internal customers of an agency’s IT services. By improving their experience your agency can realize gains in productivity and retention.”

Read more insights from Mareike Fondufe, Product Marketing Director at Ivanti.

 

Download the full Expert Edition for more insights from these cyber workforce leaders and additional government interviews, historical perspectives and industry research.