I have been in the United States for several presidential election cycles now, and I am not alone in thinking the 2016 race for the White House has been the most bizarre. Some of the reasons for this are a little more predictable than others, but one factor, in particular, sticks out to me.
Two hundred and forty years after the U.S. officially became an independent country, we are watching a presidential election unfold under the influence of cyber attacks from abroad. By that, I am referring to both foreign powers like Russia and high-visibility hacktivists like WikiLeaks, involving themselves by attempting to steal and distribute the candidates’ personal information.
Let’s evaluate this in context.
The United States was ranked the fourth “best” country in the U.S. News & World Report’s inaugural “Best Countries” ranking, and a clear first in power and influence. Yet despite that stature on paper, the current cyber-infrastructure has taken repeated public blows over the last year.
To some extent, this rash increase in visible cyber attacks makes sense. Elections happen every four years, and campaigns usually start in earnest the year prior. In this year’s case, cyber influencers recognize that the election in November 2016 actually begins campaign groundwork in the summer of 2015. Predictability is the Achilles’ heel of security—remember this next time your IT director annoys you by making you change your password!
In this year’s instance, it also didn’t help that the identity of one of the candidates was obvious even before 2015. Donald Trump came out as an unexpected candidate to most, but Hillary Clinton was President Obama’s heir, apparent as early as 2012.
While the origin of Clinton’s email controversy was domestic, with the existence of the server first revealed by American news sources like the New York Times, it was a Romanian hacker with the alias ‘Guccifer’ who actually stole and distributed Clinton’s classified memos.
A rapid theme of this election cycle soon revealed itself as both candidates must try and navigate the political fallout from confidential or nonpublic information being released at inconvenient times. WikiLeaks followed Guccifer’s example and hacked the emails of Clinton’s allies.
In addition to disrupting this election domestically by influencing a subset of voters, the cyber influence and wielding of power around private information will have a long-reaching impact on foreign relations for years to come. Julian Assange has been given asylum in Ecuador and has been using his location as a base to run WikiLeaks. Concurrently, 17 American federal agencies believe Vladimir Putin is meddling in the U.S. election from Moscow. These stark realities are already shifting international dynamics and will continue to influence foreign relationships regardless of who wins this election.
What we are currently experiencing is truly unprecedented and there are many valuable lessons to be learned. While there may not be a way to fully prevent this type of infiltration from happening in the future, there are certainly corporations and government institutions taking this moment of opportunity to invest in protecting their data. Several key takeaways are as follows:
1. Information is power and digital information is instant power. News travels faster to a broader audience now than ever before, and consumers today actively engage with news through reposts and sharing links on social media. Electronic communications, as Hillary Clinton has learned, require a much higher level of attention and care as they are no longer secondary to print.
Moreover, the ease with which you can electronically toggle between personal and professional communications poses its own set of difficulties. Consider how much easier it is to misfire an email if you’re signed into a personal email and a professional email in two tabs in the same browser, as opposed to writing out and mailing letters to two different places.
2. Every electronic piece of content can be exposed. You can take the approach of sinking time and resources into making security as complex as possible, but that would only make accessing information a nightmare for your users. The easier solution is to prevent the problem by making sure users have a clear understanding of potential fallout from their words and actions. Teach them to ask themselves, “Would I be mortified if I saw this email/Tweet/letter on the front page of the Wall Street Journal?” Clinton’s emails are a good example, as is Trump’s recorded conversation with Billy Bush.
3. Nothing is ever truly deleted. Both candidates, at some point during this cycle, have probably longed for the days of shredding documents. Corporations and public figures need to proactively protect their content in addition to cleaning up their communications practices, by taking steps like keeping encryption keys in-house or leveraging DRM features like removing access after download or sharing.
4. People with good intentions can make mistakes. An employee or political aide might have learned all the above in training, but may break protocol because of human error like trying to be efficient, trusting the wrong person or just forgetting to protect content with a password or encryption. The trick is not to punish them but to remove the possibility of the mistake entirely.
In other words, deploy content governance solutions that classify content based on how confidential or business critical it is and receive instant notifications when rules are broken or permissions are misaligned. Rapid response, within the first 24 hours, makes it possible to contain and recover distributed or stolen content.
5. Accept that this will happen. Everyone makes mistakes. It’s easy to see the negatives in this, but it’s not all bad. As people develop new norms of behavior online, becoming more spontaneous and open, tolerance is also growing.
After the dust settles on this election, take a step back and look at the bigger picture. Two flawed candidates have shown us what can happen when hackers target you, but long-term relationships matter far more than a dumb Tweet or misfired email. It’s time to upgrade our content governance so that the U.S. isn’t just the fourth “best” country in terms of power and influence, but is a model for cybersecurity for years to come.
About the Author
Isabelle Guis is the Chief Strategy Officer at Egnyte, overseeing all global marketing, go-to-market, partnership and product strategies. She previously served as EMC’s (News - Alert) vice president of Marketing for the Public Cloud Solutions Group and Enterprise Storage Division, driving cloud buyer and service provider segmentations, as well as messaging, product positioning and go-to-market strategies for the company’s core storage solutions. Isabelle has also held leadership positions at Avaya, Big Switch Networks, Cisco Systems (News - Alert), and Nortel Networks. She holds a Master of Science in Electrical Engineering and Computer Science from Supelec (France), and an MBA from Harvard Business School.
Edited by Alicia Young