Efforts to manipulate the outcome of the November presidential election in the U.S. are well underway just a few weeks out from Election Day. But once the votes have been cast and counted and a new president sworn in, those responsible for hacks, DDoS attacks and social media manipulation won’t simply put down their toolbox and wait for the next election cycle. FTI Consulting’s Mike Driscoll warns companies that they are vulnerable to the same attacks now striking the presidential campaigns.
As the former assistant director in charge of the FBI’s New York office, I witnessed cases involving misinformation campaigns against private sector companies and the ramifications of unprepared organizations. The desired outcome was to create confusion, harm reputation, influence stock price and transactions or introduce discord, the same intended outcome of malicious acts targeted at elections across the globe.
The interference campaigns by threat actors who sought to manipulate the results of the 2016 and 2020 U.S. presidential elections have been widely discussed, and the upcoming election is facing similar concerns. Recent statements by DOJ and an indictment issued in the Southern District of New York highlight that this is a very active threat. A range of malicious activities — hack and leaks, DDoS attacks, social media manipulation, etc. — coupled with misinformation and disinformation campaigns, are utilized to create distrust among voters.
Considering the potential ramifications of election meddling, interference attempts have rightfully garnered significant attention from the public and the media. But will the spotlight on these threats fade post-election?
It is likely that senior leaders within the private sector are aware of misinformation/disinformation campaigns but think of them only as threats to elections and not to their organization. However, threat actors are adept at using techniques that are proven to work and tailoring them to specific targets or industries.
Disinformation tactics can be used to spread false narratives and manipulate an organization’s reputation or public opinion, causing significant damages, such as consumer mistrust and drops in stock price. These techniques are enhanced through the capabilities of artificial intelligence (AI), creating realistic images and deepfakes and in generating well-written, believable content. The past success of misinformation/disinformation attacks on elections, combined with AI enhancements, prove to threat actors that these efforts work and can be replicated elsewhere.
We have seen instances where threat actors steal confidential campaign information and leak it to influence public perception. The private sector is not immune to this threat, and these tactics can be further advanced by cyber attacks that are used to infiltrate corporate databases and gain access to intellectual property or sensitive personal or corporate information. Once private data is released, it becomes challenging to mitigate the damages.
Considering the prevalence of social media, threat actors also often turn to these platforms to push desired narratives around elections using bots and troll farms. This strategy can be applied to the private sector, creating dissent internally among employees or among consumers.
More simply put, what we are currently seeing in the news about threats to the election should sound the alarm for every organization to be on notice. Post-election, threat actors are not going into hibernation until the next presidential election rolls around. Rather, they will take their practiced tactics and apply them elsewhere, likely to vulnerable private sector companies.
Organizations would be wise to pay close attention to the techniques being used to interfere with elections, as the same tactics can be easily utilized to target the private sector. Awareness is a necessary first step, but organizations within the private sector should also proactively assess their unique threat profile and tailor protections to ensure critical assets are secured.
Capitalize on the attention of election interference attempts, take lessons learned and apply them to your organization and use this knowledge to build support across the organization and proactively implement change. Threat actors may be preoccupied with the U.S. presidential election at the moment, but soon they will shift their crosshairs to new targets in the private sector.
Mike Driscoll is an experienced executive with more than 26 years of leadership and investigative experience in cybersecurity, intelligence and criminal and national security. Today, he leads the national security offering at FTI Consulting and works closely with clients to provide comprehensive solutions that protect their interests and national interests, advising on a range of national security issues, including cyber attacks, insider threats, corporate espionage, CFIUS reviews, sanctions, cross-border data sharing and intellectual property.
