As the votes in South Africa’s national election are being tallied, the looming spectre of cyber threats casts a shadow. In an age where technology permeates every aspect of our lives, the integrity of elections faces unprecedented challenges from malicious actors seeking to manipulate outcomes through digital means.

“Election security and ensuring the processes involved are fair, resilient, and safe is paramount to maintaining public trust in the democratic function,” says Doros Hadjizenonos, regional director at cybersecurity specialists Fortinet.

“In the aftermath of an election, cyber threats can manifest in various forms, from deepfakes to taking advantage of common security issues that can cause data loss and affect votes. It’s therefore crucial to increase awareness and vigilance among voters, as well as political candidates and officials,” explains Hadjizenonos.

Challenges in election security

Election officials are often the frontline of campaigns, which makes them prime targets for cyberattacks such as targeted phishing. “Agencies involved in election processes should consider offering officials regular cybersecurity training that empower them to recognise potential security risks,” suggests Hadjizenonos.

Breaches of voter registration databases and systems can also represent a challenge. These include attacks targeting the equipment and systems that voters use to register, such as IT infrastructure used to manage election processes, storage systems that contain voting data, and polling locations.

“Election databases store the personal data of voters, making them attractive targets for cybercriminals. Altering, hacking, or publishing these records could result in significant data breaches,” warns Hadjizenonos.

Tactics such as deepfakes can also be leveraged, which involve manipulating images, audio, or videos using AI to create highly realistic content, potentially fabricating events that never occurred or individuals that never existed. “This capability poses a significant threat to election integrity by disseminating false information that could influence outcomes,” says Hadjizenonos.

It’s complex for voters to differentiate between genuine content and deepfakes. This is particularly concerning because deepfakes can imitate election officials, spreading misinformation that undermines trust in political candidates and affects vulnerable communities. “It is not always easy to sense that something is off, so voters need to avoid being tricked. It is important to always verify the source of the information and look for tell-tale signs, like unusual facial features and vague, blurred backgrounds.”

Strengthening cyber resilience

To fortify the cyber resilience of elections and counter the threats of misinformation, manipulation, and fraud, it is imperative to bolster cybersecurity measures.

“By implementing robust cybersecurity measures, like vigilant monitoring, swift incident response plans, vulnerability monitoring and secure encryption protocols, election processes can effectively identify and neutralise cyber threats before they compromise the democratic process,” says Hadjizenonos.

“Taking action includes conducting thorough risk assessments, strengthening security measures, and providing training and awareness for everyone involved,” he notes.

Furthermore, protecting the integrity of the election results should be a partnership between both state and local government agencies, election officials, and affiliated organisations. “Information sharing is vital to prevent security issues. To truly strengthen cyber resiliency, the public and private sector must work closely together, particularly when trying to understand the full impact of a cyber incident,” Hadjizenonos concludes.