Does Fake News Affect Threat Intelligence?

The concept of ‘fake news’ has plagued media for the past couple of years, but what is its impact upon business-level cyber-security?

Recently a roundtable, hosted by the Threat Intelleigence experts at Anomali, on the concept of ‘Hybrid Threats’, which was chaired by former GCHQ director turned professor Sir David Omand, and attended by a selection of industry names.

The concept of Hybrid Threats, according to Omand, was not one he is keen on and he claimed that he preferred the “old fashioned term subversion, where one country tries to influence another.” He said that this usually involved three tactics: intimidation, propaganda and dirty tricks.

The use of these tactics, he claimed, leads to “erosion in confidence,” while propaganda “restricts free speech when government has to have a reputation for truth."

All of this may not seem to be too relevant to cyber-security, but in recent instances where arrests have been made over interference in the 2016 US election, the concept of what is real and what is not needs to be a serious factor, and in the case of threat intelligence, knowing what is a genuine alert and what is fake can paint a much clearer picture of a threat.

This moved the discussion on to the concept of fake news, as Omand said:

“Threat intelligence is needed to pull together different bits of information from different sectors and see the pattern, or if it is just a coincidence.”

Valentina Soria, head of intelligence at Morgan Stanley, said that as a threat intelligence practitioner, her job is to interpret threat intelligence and make sure that the difference between fake and real news is determined.

She claimed that hybrid threats have further complicated the ability to make sense of it all, as at the heart of threat intelligence is credibility of the information you rely on, and propagation of fake news has made it much more difficult.

“We can see the potential impact that the fake news phenomena can have,” she said, claiming that threat intelligence can help a business understand threats and form a strategy, but ‘false flags’ and threat actors using different tools mean it can be difficult for a business to focus on what is a genuine threat to the business.

In an open discussion on fake news, cyber psychologist Dr Mary Aiken said that there is not a way to legislate around this, but there is an opportunity for ‘cyber ethics’ in the social media models and for the social media platforms to become more responsible players.

“When we look to having fact checking, and false claims on what a politician said, there is an absence of critical thinking to the bombardment of young people with fake and false information and it becomes a modus operandi of ‘that’s ok, everything is fake’. When a group of people who will become the policy makers in time, what will their frame of reference be and what will be their critical thinking?”

Hugh Njemanze, CEO of Anomali, said that there was a responsibility for social media algorithms to be more transparent to see what has happened and investigate, and transparency will enable that.

Soria added that it is quite hard to demonstrate the real life cause, impact and effect of fake news, especially when this could have influenced voters ahead of an election.

Aiken said that a real world sophisticated model can be created, but are they still fit for purpose in cyber-environments? That is why models need to be invested in that can make sense of human behavior and manipulation.

The conversation moved on to filtering and the need for automated tools to do such a job, but ultimately the problem remains the same when it comes to determining what is a genuine threat and what is not. Whether it is fake news or a false flag, it requires a person’s attention to determine what is important for the business.

As Soria said, threat intelligence processing involves determining a pattern that affects your business, and fake news could be the square peg trying to fit into the round hole.

Infosecurity Magazine: 

You Might Also Read:

Fake News Is A Cybesecurity Threat For Businesses:

Prime Minister Wants A 'fake news' Rapid Response Team:

 

« Autonomous Cars Hit The Road In California
Cybercriminals Use Fake Websites »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

IMS Networks

IMS Networks

IMS Networks specializes in the design and management of high criticality networks and telecoms services including network security and Managed Security Services.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

GuardiCore

GuardiCore

GuardiCore is an innovator in internal data center security and breach detection and is transforming security inside data centers and clouds.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

TechMD

TechMD

TechMD (formerly ICS) is an award-winning IT solutions firm that specializes in cloud solutions, managed cybersecurity services, strategic IT consulting, and managed IT services.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

AI EdgeLabs

AI EdgeLabs

AI EdgeLabs is a powerful and autonomous cybersecurity AI platform that helps security teams respond immediately to ongoing attacks and protect Edge/IoT infrastructures.