Insights from the 2025 Microsoft Digital Defense Report for Campaigns: Q and A with Microsoft’s Campaign Success Team

Cybersecurity Awareness Month is coming to an end and many efforts have focused, rightly so, on things everyone can do to be more cyber-secure, right now. In the political world DDC operates in, awareness of the threat landscape is also critical to help frame the most effective cybersecurity steps campaigns can implement. 

Microsoft recently published its 2025 Microsoft Digital Defense Report (MDDR). As we come to the close of 2025, this report gives some great insights into the security risks going forward. 

We had the opportunity to pose questions to Microsoft's Ashley O’Rourke and Seth Reznik who are part of Microsoft’s Campaign Success Team. They are dedicated to helping political campaigns navigate cybersecurity challenges and the world of AI. 

DDC: Before we dig into the numbers, this new report is not a one-off. Microsoft has a long history of providing information on what we call the “threatscape.” Why is this work so important to Microsoft as a company and what teams do this work?

MS: Every day, Microsoft processes 100+ trillion security signals and blocks millions of threats, giving us unparalleled visibility into cyber attacks worldwide. Sharing those insights in the Microsoft Digital Defense Report (MDDR) helps raise awareness and bolster defenses across all organizations, including political campaigns. This work isn’t done by just one group: it’s a collaboration across dedicated teams like Microsoft Threat Intelligence Center, Digital Crimes Unit, and our security researchers. These teams gather data at a massive scale and distill it into guidance that our customers can use to improve their cybersecurity posture.

DDC: The report has prioritized ten recommendations for organizations going forward. Which of these resonate for you as most applicable to campaigns, political organizations, and think tanks? 

MS: The first five recommendations from the report are especially relevant for campaigns heading into the 2026 midterms: 

  1. Manage cyber risk at the boardroom level (the candidate and/or campaign manager in a campaign): Leadership must fully buy in to strengthening the cyber readiness of the campaign. The tone they set, whether they prioritize security in daily operations, budget decisions, vendor selection and staff behavior, will trickle down and shape how seriously the rest of the team takes these risks.

  2. Prioritize protecting identities: Political organizations and think tanks continue to be highly targeted organizations, and phishing remains one of the most common attack vectors. As the report says, “No matter how much the cyber threat landscape changes, multi-factor authentication (MFA) still blocks over 99% of unauthorized access attempts, making it the single most important security measure an organization can implement.” 

  3. Invest in people, not just tools: Campaigns often rely on a mix of staff, volunteers, and consultants, many of whom lack formal cybersecurity training. That’s why skilling and awareness are essential. Groups like Defending Digital Campaigns play such a critical role in providing training and resources tailored to the political ecosystem. 

  4. Defend your perimeter: Campaigns are heavily reliant on political consultants, vendors, and third-party platforms. It’s vital to have open dialogue with these partners about their security posture. These conversations can help prevent attackers from exploiting weak links in your extended network. 

  5. Know your weaknesses and pre-plan for breach: Campaigns should adopt both a zero-trust mindset and ‘always assume breach’ principles. That means verifying every access request, limiting privileges, segmenting systems, and preparing for the possibility of compromise. Having backups, incident response plans, and clear escalation paths ensures that when something goes wrong, you can recover quickly and keep operating. 

DDC: If there are any constants in cybersecurity, it’s that phishing remains a top way bad actors look to compromise organizations. How has AI been used in phishing and in other cyberattacks? 

MS: Threat actors are now routinely using generative AI to boost their operations – automating social engineering, generating malware code, finding vulnerabilities faster, and creating very realistic fake content (deepfakes) for deception. AI has specifically increased the effectiveness of phishing. In 2025, AI-generated phishing emails achieved a 54% click-through rate, 4.5 times higher than traditional attempts. AI enables attackers to craft convincing, localized messages and automate their phishing campaigns. This shift makes phishing more profitable and harder to detect, requiring defenders to adopt behavior-based and anticipatory defenses. One great tip for campaigns is to establish authenticated communications channels as part of an overall cyber security policy.  

DDC: The report also focuses on phishing-resistant multi-factor authentication (MFA) as a key cybersecurity protection. Not all MFA is phishing-resistant, so what is phishing-resistant MFA and why is it so protective?

MS: “Phishing-resistant” MFA refers to authentication methods that cannot be easily intercepted or spoofed by attackers through traditional phishing techniques. Examples include passwordless authentication, passkeys, and FIDO2 security keys. The report has a really telling statistic: “even when attackers possess valid usernames and passwords, MFA blocks access in over 99% of cases”. It’s one of the best steps any campaign can take to dramatically improve account security. Political staff should also take the step of setting up phishing-resistant MFA on their personal accounts as well.  

DDC: Let’s flip sides. How are the defenders using AI to improve cybersecurity and thwart bad actors? 

MS: Defenders can leverage AI to combat the pace and scale of incoming attacks, including rapidly detecting threats, identifying detection gaps, and automating incident response measures. For example, Microsoft’s Digital Crimes Unit “uses AI-powered agents to sift through massive datasets, extract key indicators of compromise (IOCs), and share them across Microsoft’s security ecosystem. A reverse-engineering plugin powered by AI further accelerates the analysis of malicious code, automating tasks that once took hours or days”. Around identity protection, AI is used to detect risky sign-in behavior across our services, by quickly flagging password spray attempts or atypical login patterns. Microsoft actively develops a host of AI solutions, including Security Copilot, to help defenders leverage AI to improve the speed and effectiveness of their cybersecurity operation.

DDC: Many campaigns are considering using AI and/or have vendors attempting to sell them products that use AI. How do campaigns implement AI securely? 

MS: The key is to approach AI adoption with a security-first mindset just as you would with any new technology. Campaigns should be excited about AI’s benefits, but they must implement it in a way that doesn’t introduce new vulnerabilities such as data leaks and data oversharing. The report recommends organizations establish an AI “security framework” that helps “prepare for AI adoption; discover how AI is being used within the organization; protect sensitive data, AI agents, applications and models; and govern AI operations.” Establishing this framework will also help campaign leadership understand what AI tools their staff is using, and if there are any built-in security, privacy and compliance controls within these tools. If your campaign is looking to develop an AI Security Framework, please don’t hesitate to reach out to our team at CampaignSuccess [at] Microsoft.com as we have a host of resources that can guide this process.   

DDC: The report takes note of the increased use of domain impersonation. This raises some significant concerns for the political sector as outreach to the community is such a fundamental activity of campaigning. What kinds of impersonation are going on and what are the outcomes bad actors are hoping to achieve?

MS: Domain impersonation (or cybersquatting) is when bad actors register domains that resemble legitimate organizations but with minor spelling errors or visually similar characters (homoglyph domains) with the intent to exploit the organization or deceive users. These domains are then used for a host of activities including phishing, credential theft, and spreading malware. According to the MDDR, “domain impersonation has become one of the fastest-growing online threats due to large-scale, AI driven attacks.” For political entities, this can look like bad actors creating websites to look like the legitimate campaign or party website that they then use to send phishing emails or to set up fraudulent donation pages to divert funds. Microsoft’s Digital Crimes Unit actively uses AI to detect and track homoglyph domains to monitor for malicious activity. We encourage campaigns to reduce their risk by registering not only their main domains, but also common variations.  

DDC: Cybersecurity threats to campaigns can follow geopolitical events and can differ by country. What are the insights in the report on how nation-state actors might take differing approaches or are seeking different outcomes? 

MS: At a macro level, the MDDR finds that the majority of cyberattacks are “by and large financially motivated”, but when it came to nation-state actors this past year, they “prioritized espionage against traditional intelligence targets—IT, research and academia, government, and think tanks/ NGOs.” The intended outcomes of these nation-state cyber-attacks vary – from intelligence collection and supply chain disruption to undermining democratic processes. For example, the report found that “throughout 2024, a year with a record number of elections worldwide, Chinese actors spent significant effort collecting intelligence or attempting to influence their outcomes.” This should reinforce for political organizations and think tanks that it’s not just cybercriminals they need to be thinking about.

DDC: As we gear up for the 2026 midterm election, are there any additional recommendations you would suggest to campaigns seeking to improve their cybersecurity?  

MS: Remember – you are not alone! There are a host of cybersecurity resources, offered in partnership with Defending Digital Campaigns, that political organizations can take advantage of that are tailored to the unique threats the political ecosystem faces. At Microsoft, we strongly encourage our political customers to enroll in our AccountGuard program, a free cybersecurity support service that adds an extra layer of threat monitoring to organizations that underpin healthy democracies across the globe. Learn more by visiting: accountguard.microsoft.com. We're also committed to securing your political campaign's most critical online communications, such as emails and documents, which is why we have our M365 for Campaigns program to streamline the process of achieving a strong security baseline. Learn more at m365forcampaigns.microsoft.com.  

To read the full 2025 Microsoft Digital Defense Report, visit: aka.ms/MDDR2025.