Cyberattack on Ecuador's national elections? | Tesla Data Breach
CyberInsights #107 - Absentee Voting allegedly suffered a cyberattack | Insider Breach causes data leak at Tesla
Did cyber attacks prevent absentee voters from voting in the Ecuador elections?
Election-tech cyber risks have nation altering repercussions
The concept is simple. Inclusive, even. If a country has a large expat population, why not let them vote remotely - absentee voting.
For a risk professional, the imagination boggles, or as P. G. Wodehouse’s characters would have said “It boggles perceptibly.”
Ecuador faced a possible cyber attack during their national elections. [Link].
It’s not new cyber risks that cause concerns. It’s the impact. A percentage of voters not being able to vote can change the outcome of an election. No wonder then, that the president of the national election council had speak about it:
“We inform the Ecuadorian people that according to preliminary reports, the telematic voting platform suffered cyber attacks that affected the fluidity of accessing the vote,” she said. “We also clarify and emphasize that the cast votes have not been violated.” She went on to say the attacks “were identified as coming from seven countries: India, Bangladesh, Pakistan, Russia, Ukraine, Indonesia and China.”
Take Action:
The key takeaway for a cyber professional is to consider the business impact. Most cyber risk professionals and cyber security consultants do not spend time to understand the business enough. The CISO should spend time with other C level people. They should spend time with business heads and understand the impacts and consequences. Conducting a formal BIA is a very operational task. The experience of the CISO can add a lot of value in this process.
For all CISO subscribers to CyberInsights - please talk to business heads and review your BIA, not just for RTOs and RPOs.
Insider linked data breach at Tesla
Insider threats have been reduced, not eliminated.
It’s been a while since I wrote about insider threats. They are not readily reported.
Tesla, however, recently acknowledged that a data breach was caused by an insider. [LINK].
The data was around 100GB. Among other things it contained:
“The information provided by the whistleblower contained 23,000 internal files from 2015 to 2022 concerning Tesla allegedly receiving 3,900 reports of self-acceleration and brake-function issues. The files also contained crash reports and thousands of incidents of drivers expressing safety concerns over Tesla's driver assistance system.”
Tesla later found out that 2 former employees have shared the data with a German news site.
As a part of incident response, Tesla has offered those affected complimentary credit monitoring through Experian IdentityWorks - an identity theft and credit monitoring service offered by Experian.
Take Action: If you are an affected party, I assume that you would have received a notification from Tesla. Keep yourself updated about this breach. Use the Experian service provided complimentary by Tesla to monitor if your personal data is being misused.
As an infosec professional, 2 key takeaways:
Insider threat is important - it’s the impact, again. Review corporate security policies and monitor information access exceptions provided. Also, monitor admin account access. A breach of this size is far easier for an admin than a user who has only front end access.
Update your incident response and communication process. Offering a credit monitoring service is a good way to emphasise the importance of the customer
As a cyber insurance underwriter or actuary - consider credit monitoring expenses as a standard cover for your clients. Currently, only certain insurers cover proactive credit monitoring in case of a breach.
If you enjoy reading CyberInsights, spread the joy!