Sweden’s political parties have the best cybersecurity posture globally, with the UK languishing in the bottom half of the table, according to a new analysis by SecurityScorecard ahead of the European Parliament elections.
Noting the impact of a major data breach at the Democratic National Committee (DNC), which helped to swing the 2016 Presidential election in favor of Donald Trump, the security vendor decided to appraise the security of political parties in the West.
It covered nine countries — the US, France, Germany, Spain, UK, Poland, Italy, Switzerland and Sweden — and two UK nations which have separate domestic parliaments, Northern Ireland and Scotland.
Some 29 political parties were selected for analysis, which covered areas including web app identification, network security and DNS configuration, malware infections, leaked credentials, patching, and more.
“SecurityScorecard found the two major US political parties, Republican National Committee (RNC) and Democratic National Committee (DNC), fared well compared to smaller US political parties and European political parties as a whole,” the report claimed.
“With that said, SecurityScorecard discovered indicators of poor security hygiene in almost all political parties.”
Sweden came top of the 11-country list, with the US in fifth and the UK down in eighth, just three notches above bottom-placed France.
In the UK, the centrist Liberal Democrats were named as the best on cybersecurity, coming top on DNS, network security and patching cadences, although their application security score fared less well.
The Conservative Party was called out for hosting an unencrypted log-in portal for its PureCampaign application.
“Although the credentials are sent to the server via a secure manner, this represents poor security design and presents a risk to a simple MitM or social engineering attack,” the report argued.
In the US, the DNC still appears not to have learned its lesson from 2016.
“While SecurityScorecard believes the DNC has made significant investments in security since 2016, the organizational behavior at managing digital assets still lags behind the RNC,” the report noted.