6 Steps for Cyber Resilience During the 2024 U.S. Presidential Election
As the United States and the world count down to the upcoming U.S. presidential election on November 5, 2024, we want to highlight key strategies to ensure resilience during this critical event, especially for the financial services sector.
This blog post addresses the elevated risks to service availability during the week of November 4, 2024, and describes the ways you can strengthen your attack readiness.
Key risks to service availability
Market volatility
The election outcomes may trigger significant market movements that affect trading platforms, investment services, and overall financial status.
On August 5, 2024, the U.S. stock market experienced the highest market volatility index in the past two years, as a result of service disruptions in several trading platforms and brokerages.
High transaction volumes
Increased traffic during this period could overwhelm transaction systems, leading to potential slowdowns or outages in online trading and banking.
On September 19, 2024, we observed a significant surge in trading traffic among brokerage and wealth management customers reacting to the first Federal Reserve rate cut in four years.
Distributed denial-of-service attacks
Threats from politically motivated or state-sponsored actors could result in large-scale distributed denial-of-service (DDoS) attacks on banking websites and financial services.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn that potential DDoS attacks during the 2024 U.S. election could disrupt access to election-related websites, but they won't impact the voting process.
A high-watch advisory is in effect for Iran-based cyberthreats and DDoS attacks. Prominent Iranian groups under watch include APT33 (Elfin), APT34 (OilRig), MuddyWater (Static Kitten), the Iranian Cyber Army, and Charming Kitten (APT35).
Phishing and social engineering
Increased phishing campaigns aimed at employees or customers could compromise critical systems or lead to fraud.
In the summer of 2024, the U.S. banking and insurance sectors saw significant spikes in brand impersonation and phishing activities. It's crucial to stay alert and advise your customers about potential phishing and social engineering threats, particularly those tied to the upcoming election. These could include:
Election-based phishing emails
Misinformation on voter fraud
Spear phishing targeting high-profile individuals
Credential harvesting attempts
Maintaining vigilance is key to mitigating these risks.
Third-party disruptions
There may be disruptions from failures or cyberattacks on third-party service providers (e.g., cloud and network vendors).
The recent CrowdStrike outage underscores the importance of third-party service reliability, especially during critical events like the U.S. election. Organizations should review and update safety policies to ensure resilience, focusing on backup measures and incident response plans to mitigate the impact of potential service disruptions.
6 steps to improve your cyber resilience
These risks can be mitigated, but it’s important to ensure your organization also knows how to be resilient in the face of persistent threats. Here are six steps you can take now to ensure that your firm’s cyber resiliency is strong:
Assess availability
Perform a health check on DDoS posture
Test your incident response plan
Promote threat awareness
Ensure change safety
Proactively monitor threats
1. Assess availability
Perform thorough risk assessments to ensure resilience across CDN services and to ensure backups and failovers are in place, including:
Content caching and error handling
End-to-end connectivity and performance optimization
Failover logic and test objects
Load testing critical systems
2. Perform a health check on DDoS posture
Verify the robustness of your DDoS protections, especially for critical services like websites, login portals, and APIs. Take the pulse of your:
Rate and IP reputation controls
Bot management
Geo or IP network controls
Positive security model
3. Test your incident response plan
Rehearse and update incident response protocols, ensuring all stakeholders are aware of the processes. Be sure to include your:
Support runbooks (e.g., contacts, procedures and communication, and templates)
Incident management (e.g., incident declaration, escalation process, and SWAT team engagement)
4. Promote threat awareness
Collaborate with partners like Akamai and CISA for continuous monitoring and threat intelligence.
5. Ensure change safety
Implement a change freeze during election week (November 4–6) to avoid unnecessary risk in change management.
Additionally, consider a heightened alert state for October 31 and November 1, because both dates are end-of-month in the trading process and payday in the banking sector.
6. Proactively monitor threats
Monitor threats proactively during the election to ensure quick detection, which will help maintain security and service availability by identifying issues before they escalate. Consider the following proactive steps to enhance election resilience:
Adaptive monitoring for traffic anomalies (e.g., significant spikes or reductions)
Application monitoring for abnormal errors or misbehaviors
Security monitoring for malicious activities
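The first two monitoring steps above can be sketched as a single check over per-minute request counts. This is an added example, not Akamai tooling or code from the original post; the function name, window size, thresholds, and sample data are assumptions constructed for illustration. It flags reductions as well as spikes, because a sudden drop in traffic can signal an upstream or third-party failure.

```python
from statistics import median

# Constructed sample data: (minute, total requests, error responses).
SAMPLES = [
    ("12:00", 1000, 5), ("12:01", 1020, 6), ("12:02", 990, 4),
    ("12:03", 1010, 5), ("12:04", 1005, 5), ("12:05", 995, 6),
    ("12:06", 1015, 4), ("12:07", 1000, 5), ("12:08", 985, 5),
    ("12:09", 1010, 6),
    ("12:10", 1008, 5),    # normal minute
    ("12:11", 4200, 30),   # sudden surge
    ("12:12", 1002, 5),    # back to normal
    ("12:13", 150, 2),     # sudden reduction
    ("12:14", 1000, 180),  # normal volume, abnormal error rate
]

def detect_anomalies(samples, window=10, k=4.0, max_error_rate=0.05):
    """Return (minute, finding) pairs for spikes, drops and error bursts.

    The baseline is the median of the previous `window` minutes, and the
    spread is the median absolute deviation (MAD), so one extreme minute
    inside the window does not shift the baseline for the minutes after it.
    """
    findings = []
    for i in range(window, len(samples)):
        label, requests, errors = samples[i]
        history = [r for _, r, _ in samples[i - window:i]]
        base = median(history)
        # Fall back to 1.0 when the window is perfectly flat (MAD of zero).
        mad = median(abs(r - base) for r in history) or 1.0
        # 1.4826 scales MAD to a standard deviation for normal data.
        score = (requests - base) / (1.4826 * mad)
        if score > k:
            findings.append((label, "traffic_spike"))
        elif score < -k:
            findings.append((label, "traffic_drop"))
        # Error rate is checked independently of volume.
        if requests and errors / requests > max_error_rate:
            findings.append((label, "error_rate"))
    return findings

if __name__ == "__main__":
    for minute, finding in detect_anomalies(SAMPLES):
        print(minute, finding)
```

In practice the thresholds would be tuned against your own traffic history, and event-driven surges like the ones described earlier in this post should be expected to trip the spike check.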
Akamai customers with premium CDN and security support should consider these additional steps:
Open a proactive support case
Leverage near real-time monitoring via the Akamai Control Center event dashboard
Enable Web Security Analytics Alerts with Security Operations Command Center visibility
Ensure daily health status communication
These measures will help strengthen your security posture during the election period.