Fake News Is A Big Problem For CISOs

Uploaded on 2020-11-10 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

Fake news and disinformation might appear to be a problem exclusively for social media firms that have to have to watchful to identify and remove propaganda lies from their platforms In fact, fake news is also a significant problem for business and misnformation and disinformation campaigns are just as bad for businesses as they are national elections.

So what  should Chief Information Security Officers (CISO) loook our for and what measures can they take? 

The 2020 SafeGuard Cyber Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace brought by the COVID-19 pandemic. Respondents were asked to  rate  their adaptations to date, identify the gaps thay can see and explain how they're planning for the future. The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies. ​

One-third of respondents reported their entire business process has changed and is still evolving, while 26% said they've rushed certain projects that were scheduled for later.

According to Safeguard Cyber, disinformation is a real cyber security issue which can be used to destroy an organisation's brand value and create conflict within a company's employees. It can also be used as a form of ransomware. Recently, a private psychotherapy clinic in Finland was hacked and the therapist notes on potentially 40,000 patients were stolen. The attacker then proceeded to email the victims, asking each for €200 ransom in Bitcoin.This is a terrifying prospect for organisations and their customers and  it’s easy to imagine a scenario where attackers can claim to have breached an organization and try to extort money from the organization, its partners, and customers. “It is deployed against the company by hacker groups, criminals, and even nation-states. Security organisations are best equipped to build the right tools to fight disinformation since they have experience in defending the company against attacks at scale.” said Otavio Freire, CTO at Safeguard Cyber

The evidence points towards disinformation becoming a standard tool of nation-state actors, cyber-criminals, activists and even competitors. 

Distributed Denial of Service (DDoS) attacks have been a common tactic by criminals and it can be difficult for CISOs to determine which requests landing on their website are legitimate versus those that are fake. Even on a small scale  this kind of disinformation can have long term consequences and CISOs can find themselves not just responsible for securing technology, but  for processes and people too. In such circumstances, CISOs are immediately on the defensive - they have to validate whether a breach has actually occurred or not, and if so, what data was stolen. They have to notify regulators, inform customers, agree what the best course of action is with stakeholders, brief PR agencies and discuss it with the lawyers. It becomes a wide-scale issue involving many different disciplines of which the technical side forms but a small component. 

Fighting disinformation will likely become one of the biggest challenges that CISOs will face in the future and  CISO should learn communicate with everybody, not just the board and this should include employees, partners, stakeholders, the press, and the public at large. 

In terms of defenses, transparency is paramount. If there’s a breach, CISOs should not let circumstances dictate the story. and make sure they take control of the narrative.   

Dark Reading:       PR Newswire:       Infosecurity Magazine:      Rappler:    SC Magazine

You Might Also Read: 

Cyber Attacks Knock 7.2% Off The Average Company Share Price:

 

« Taiwan Company Guilty Of Semiconductor IP Theft
Cyber Security For SMEs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

Exein

Exein

Exein are on a mission to build the world’s first ecosystem for firmware security so that all different types of firmware are secure around the world.

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

Concordium

Concordium

Concordium aims to build the world’s leading open-source, permissionless, and decentralized blockchain with built-in user identity at the protocol level.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

VectorUSA

VectorUSA

VectorUSA is a premier technology solution provider. We design, build and maintain cybersecurity, data center, wireless and managed solutions – transforming business needs into technology solutions.

Anxinsec

Anxinsec

Anxinsec Technology is a security solution and service provider with a focus on new technology and innovations in cybersecurity.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.