Fake News Is A Big Problem For CISOs

Fake news and disinformation might appear to be a problem exclusively for social media firms that have to be watchful to identify and remove propaganda lies from their platforms. In fact, fake news is also a significant problem for business, and misinformation and disinformation campaigns are just as bad for businesses as they are for national elections.

So what should Chief Information Security Officers (CISOs) look out for, and what measures can they take?

The 2020 SafeGuard Cyber Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace brought by the COVID-19 pandemic. Respondents were asked to rate their adaptations to date, identify the gaps they can see and explain how they're planning for the future. The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies.

One-third of respondents reported their entire business process has changed and is still evolving, while 26% said they've rushed certain projects that were scheduled for later.

According to SafeGuard Cyber, disinformation is a real cyber security issue which can be used to destroy an organisation's brand value and create conflict among a company's employees. It can also be used as a form of ransomware. Recently, a private psychotherapy clinic in Finland was hacked and the therapist notes on potentially 40,000 patients were stolen. The attacker then proceeded to email the victims, asking each for €200 ransom in Bitcoin. This is a terrifying prospect for organisations and their customers, and it’s easy to imagine a scenario where attackers can claim to have breached an organization and try to extort money from the organization, its partners, and customers.

“It is deployed against the company by hacker groups, criminals, and even nation-states. Security organisations are best equipped to build the right tools to fight disinformation since they have experience in defending the company against attacks at scale,” said Otavio Freire, CTO at SafeGuard Cyber.

The evidence points towards disinformation becoming a standard tool of nation-state actors, cyber-criminals, activists and even competitors. 

Distributed Denial of Service (DDoS) attacks have been a common tactic used by criminals, and it can be difficult for CISOs to determine which requests landing on their website are legitimate and which are fake. Even on a small scale, this kind of disinformation can have long-term consequences, and CISOs can find themselves responsible not just for securing technology, but for processes and people too. In such circumstances, CISOs are immediately on the defensive - they have to validate whether a breach has actually occurred or not, and if so, what data was stolen. They have to notify regulators, inform customers, agree what the best course of action is with stakeholders, brief PR agencies and discuss it with the lawyers. It becomes a wide-scale issue involving many different disciplines, of which the technical side forms but a small component.

Fighting disinformation will likely become one of the biggest challenges that CISOs will face in the future. CISOs should learn to communicate with everybody, not just the board, and this should include employees, partners, stakeholders, the press, and the public at large.

In terms of defenses, transparency is paramount. If there’s a breach, CISOs should not let circumstances dictate the story, and should make sure they take control of the narrative.

Dark Reading, PR Newswire, Infosecurity Magazine, Rappler, SC Magazine
