Fake News Is A Big Problem For CISOs
Fake news and disinformation might appear to be a problem exclusively for social media firms that have to be watchful to identify and remove propaganda lies from their platforms. In fact, fake news is also a significant problem for business, and misinformation and disinformation campaigns are just as bad for businesses as they are for national elections.
So what should Chief Information Security Officers (CISOs) look out for and what measures can they take?
The 2020 SafeGuard Cyber Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace brought about by the COVID-19 pandemic. Respondents were asked to rate their adaptations to date, identify the gaps they can see and explain how they're planning for the future. The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies.
One-third of respondents reported their entire business process has changed and is still evolving, while 26% said they've rushed certain projects that were scheduled for later.
According to SafeGuard Cyber, disinformation is a real cyber security issue which can be used to destroy an organisation's brand value and create conflict among a company's employees. It can also be used as a form of ransomware. Recently, a private psychotherapy clinic in Finland was hacked and the therapist notes on potentially 40,000 patients were stolen. The attacker then proceeded to email the victims, asking each for €200 ransom in Bitcoin. This is a terrifying prospect for organisations and their customers, and it’s easy to imagine a scenario where attackers can claim to have breached an organization and try to extort money from the organization, its partners, and customers. “It is deployed against the company by hacker groups, criminals, and even nation-states. Security organisations are best equipped to build the right tools to fight disinformation since they have experience in defending the company against attacks at scale,” said Otavio Freire, CTO at SafeGuard Cyber.
The evidence points towards disinformation becoming a standard tool of nation-state actors, cyber-criminals, activists and even competitors.
Distributed Denial of Service (DDoS) attacks have been a common tactic of criminals, and it can be difficult for CISOs to determine which requests landing on their website are legitimate and which are fake. Even on a small scale this kind of disinformation can have long-term consequences, and CISOs can find themselves responsible not just for securing technology, but for processes and people too. In such circumstances, CISOs are immediately on the defensive: they have to validate whether a breach has actually occurred or not, and if so, what data was stolen. They have to notify regulators, inform customers, agree on the best course of action with stakeholders, brief PR agencies and discuss it with the lawyers. It becomes a wide-scale issue involving many different disciplines, of which the technical side forms but a small component.
Fighting disinformation will likely become one of the biggest challenges that CISOs will face in the future, and CISOs should learn to communicate with everybody, not just the board. This should include employees, partners, stakeholders, the press, and the public at large.
In terms of defenses, transparency is paramount. If there’s a breach, CISOs should not let circumstances dictate the story and should make sure they take control of the narrative.