Like with most of the hacks, it all begins the same way, unpatched vulnerable systems, and untrained personnel. That is all it takes for an opportunistic criminal or nation-state hacker to gain access.  

This time it was Russia nation-state hackers who went after VR Systems, a Florida software company that made voter software for poll workers, using a phishing campaign, three months before the November 2016 election. What they needed was usernames and passwords for email accounts of its election customers. The same tactic was used on Illinois’ State Voter Registration system months earlier. The implications could have been huge, if successful. Fortunately, peculiarities showed up, and it was stopped. It is essential that systems are kept up-to-date, software patches applied, and that everyone in the organization is familiar and aware of the techniques that these criminals use to exfiltrate company information.