Cybersecurity scams continue to hit major corporations, health systems and even luxury goods consumers. A dearth of recent headlines about the campaign industry would seem to indicate that consultants have been relatively unscathed by these online threats.
Sure, there are cases of cybersecurity breaches that have been exposed publicly in the campaign industry, but they’re few and far between.
But those high-profile cases may just be the tip of the iceberg. The reality is that many more firms in the industry may have suffered breaches without disclosing them publicly, according to one cybersecurity expert.
“I’m aware of several vendors in the last few years that have lost hundreds of thousands of dollars in campaign scams,” Ryan Borkenhagen, director, information security and technology at the DSCC, said earlier this week during C&E’s Campaign Cybersecurity Summit, which was hosted in partnership with Defending Digital Campaigns.
“Here’s why you need cybersecurity: to keep you from losing money. And it’s less abstract than China influence operations, or scams.”
Courtney Weaver, an EVP at GOP shop IMGE, said that keeping your firm’s systems secure is about thinking about “the attack surface.”
In other words, said Weaver, “how many people are you giving access to with logins, and how many platforms you’re on across that space? [The number of people] increases that attack surface.
“That really showcased the importance of password managers [and] of multi-factor authentication, making sure that you’re not sharing a ton of data or downloading it, and then not knowing where it’s going and how it’s being used.”
Instead give people access when they “absolutely need it.”
She added: “That’s where you mitigate the risk for third-party vendors [by] having all those guardrails in place.”
