"Fear and anxiety over the election process underscores one of the most fundamental security issues organizations face: the ability to know whether there is an active attacker at work on a network. In the case of a classic data breach, the attack eventually surfaces once accounts, passwords and other details end up on the Dark Web or are used by cybercriminals. This revelation generally comes far too late, well after the theft or damage has occurred, and it takes an average of five months. In the case of data or system manipulation or stolen secrets, revelation may never come. While finding an active attack early and curtailing it is a long-sought-after objective, the ability to know that an attacker is not present is also tremendously valuable.
Ask a CIO or CISO, "Do you have the means to find an active attacker on your network working towards a data breach?" Most, if they are fully informed and completely honest, will admit that they do not. If they believe they have the means to know, ask how, and what their level of confidence is. You will likely get a blank stare.
Confidence is the issue with the election, especially after the breaches of the Arizona and Illinois election databases, the DNC attack, and other election-related security events. Ideally, a state elections department could attest that its network is free from attackers. Based on a thorough check of hundreds or thousands of parameters and using ongoing, detailed behavioral profiles, organizations should be able to find an attacker at work. The inverse is also immensely beneficial to give confidence and attest, "Our network is free from attackers." This kind of assurance would also be valuable for a law firm to give to its clients during a routine security review. It's exactly what a defense contractor should be able to present to the Department of Defense. Even in the case of a merger or acquisition, it would be extremely valuable to know that you are not connecting up to a network with a hidden attacker.
In some cases, knowing that there is no attacker is nearly as valuable as knowing that there is an attacker."