Morphisec’s U.S. Citizen Threat Index Study Looks at Perceived Threats in the Run-Up to the 2018 Midterms
With the US midterm elections just days away, the team at Morphisec wanted to look at how American citizens feel about state-sponsored attacks and other cyber threats that could pose a threat to US election security, and ultimately, American democracy.
The much-publicized and politicized Russian meddling in the 2016 election, and other notable recent attacks, including last year’s WannaCry ransomware epidemic, attributed to North Korea and causing an estimated $8 billion in damages across 150 countries, illustrate that the threat of state-sponsored cyberattacks is not only increasing in scale, but also in their impact.
And when it comes to threats that could affect the US election system, recent reports, including one that found 81.5 million voter records for sale on the dark web, suggest that these threats are genuine, and carry a massive potential impact on businesses and individuals.
To take the pulse of the general U.S. public, we commissioned the Morphisec U.S. Citizen Threat Index of a State-Sponsored Cyber Attack Study, a study administered between October 19th and 21st to 1,000 US respondents aged 18+ and weighted for the US population by age, region, and gender.
Here’s what we found:
When we asked respondents what their current fear level of a state-sponsored cyberattack against the U.S. is, 54% reported that they believe the threat of an attack is either “elevated” or “imminent.”
With attacks purported to be carried out by foreign adversaries continuing to make headlines, and the Trump administration’s new cyber strategy that is designed to take a more offensive approach to combat these attacks, The majority of Americans seem to be thinking that it’s not a matter of if a state-sponsored attack occurs, but when.
When looking at the results by region, the Northeast was the only region where the majority of respondents (39%) report that their current fear level of a state-sponsored cyberattack against the U.S is no different from any other time.
When asked what type of state-sponsored or foreign adversary cyber attack against the U.S. they are afraid of, the majority of respondents (36%) stated that they were most fearful of an attack that shuts down our financial system. This type of attack could provoke a doomsday scenario, potentially spiraling America into the next financial crisis, and it is a major reason why we recently joined forces with DHS to assist in thwarting attacks targeting the nation’s economic infrastructure.
However, second to an attack that shuts down our financial system, American’s are most fearful of an attack that affects election results (20%). Notably, this came ahead of attacks that disrupt communication (internet, etc.), sabotage physical infrastructure, and cripple transportation (air, train, etc.). Interestingly, women were also much more likely than men to be worried about a cyberattack impacting election results (25% vs. 15%).
Since the news broke of the alleged Russian interference in the 2016 elections, election officials, security experts, and secretaries of state have been collaborating to identify potential threats that could take could impact US elections going forward. And the dangers are many; from malware, spear-phishing to Man-in-the-middle and DDoS attacks. To add to the complexity, multiple attacks often occur simultaneously.
As Eric Rosenbach, D3P director and chief of staff to US Secretary of Defense Ashton Carter from 2015 to 2017, said of the 2016 Russian interference during his congressional testimony in March, "I've been working in national security for 20 years now, and this was the most complicated, difficult problem I've ever dealt with."
Perhaps not surprisingly, the majority of respondents (63%) feel that adversaries propagating misinformation on social networks possess a more significant threat to our voting system than state-sponsored cyber attacks. With the recent news that VICE was able to buy fake Facebook ads on behalf of all 100 sitting U.S. senators, including ads "Paid for" by Mitch McConnell and Chuck Schumer, this approach to shaping the debate and ‘influencing the influencer’ through nefarious acts looks to be an active threat.
Men were more likely than women (63% vs. 57%) to choose adversaries propagating misinformation on social networks as a more significant threat to the U.S. elections. On the other hand, women (44%) were more concerned than men (38%) when it comes to cyberattacks against the actual voting system.
Meanwhile, Gen Z (ages 18-24) was the only demo to say U.S. elections face a bigger threat from state-sponsored cyberattacks against our voting system (51%) than from adversaries propagating misinformation on social networks (49%).
Exacerbating the perceived threat to US elections is the fact that the majority of Americans (61%) noted in our survey that they believe that the private sector has better cybersecurity defenses than the public sector. These new findings support recent data published by the Pew Research Center that noted 55% of Americans are not too confident in the security of the U.S. election system.
Moreover, it looks like the public sector agrees. The public sector is increasingly turning to the private sector, and even those whom it would typically be defending against, to fortify the cybersecurity of government networks and systems.
Younger Americans (<35 years old) had a bit more faith in the cybersecurity defenses of the public sector and their answers were near 50/50 on public versus private defenses. Those over 35 years old were more likely to say that the private sector had better cybersecurity defenses. With age comes worry, perhaps.
This worry that the American government is more vulnerable than the private sector could also have parallels with Edelman’s Annual Trust Barometer which found that 59% of Americans view the Government as the most broken institution.
While our study shows that American citizens may differ in terms of their views on the types of attacks that pose the most risk to our institutions and processes, two things are abundantly clear: Americans believe the threats posed to the U.S. election system by state-sponsored cyberattacks and nefarious activity online are very real. With sophisticated bad actors continuously devising new ways to exploit vulnerabilities, we can expect the government to ramp up its activity to fortify defenses by tapping into the private sector as the battle to protect democracy continues to evolve.