Disinformation is the Latest Exploding Cybersecurity Threat
We have all seen the cornerback in American football beaten by a wide receiver, or the defender in soccer, (football to the rest of the world), left flat-footed as Renaldo or Messi blasts past them toward the goal. We can all fall victim to a good head fake and find ourselves wondering how we just got scored on! Unfortunately, the same thing can happen to our businesses in general and more specifically to our cybersecurity teams. The recent election here in the U.S. and much of the run-up to it has brought the term “Fake News” into our lexicon as if it was something new but it has been around for thousands of years. Military planners have used it to great effect for many years. As an amateur historian, I find the entire misinformation and misdirection campaign of George Washington very interesting. In 1777 Washington, through his network of spies launched a disinformation campaign that convinced the British that the American army consisted of 12,000 men when in fact it numbered just over 1,000. This caused the cautious British commanders to stay in “winter quarters” and not pursue the Continental Army which probably would have been crushed had they been attacked. This is just one example of how disinformation is used to weaken the defenses of any organization.
I know that many of you are thinking that Cybersecurity has very little to do with disinformation, that it is more for the legal team or the marketing and brand teams to be concerned with trolls on social media sending out bad information, (up to and including the misrepresentation of facts or blatant lies), about one company or another. This is definitely something companies need to be aware of, and more importantly, ensure they have a response at the ready.
It is time for the cybersecurity community to realize that disinformation can cause major problems for them as well.
It happens when their user community receives fake security information or is dupped, usually through phishing or other social engineering methods, to surrender information that they would normally not allow outside of the organization. According to a recent article in Forbes Magazine, the proliferation of disinformation is effectively serving as a bait store for phishers. They further point out that the COVID-19 pandemic has proved to be very fertile ground for them to plant their insidious messages and lure many to introduce malware to their environment or offer up personal information to a well-crafted false website.
Recently with the rise of ransomware and its attendant publicity, there have been incidents where bad actors have convinced customers of organizations that their personal data has been either compromised, or encrypted, and they demand payment to either not release it or to unencrypt it. It is time the cybersecurity team understands that they are best positioned to combat a disinformation campaign aimed at their organization. There is no doubt that this is something that directly falls in their wheelhouse!
If we look at it logically the cybersecurity team is best positioned, both from a tooling and staffing standpoint to combat all forms of attacks that may start with or be wholly based on false and misleading information. In order to be effective, an attacker must use various technical methods to spread their false and misleading information and many of the tools available to the Security Operations Center or the Threat Intelligence teams can be used to locate the source of the attack and even to contain its impact.
The responsibility, as we all know, comes from the top down legally when it comes to cybersecurity in an organization. Having a documented plan and the ability to show a full audit trail, even when it comes to disinformation and misinformation impacting an organization can be the difference between a manageable problem and a full game-changer for an organization's stock price, brand, reputation, and legal capabilities. Even though we commonly think of disinformation and misinformation when it comes to news, the reality is that it is everywhere and it must be identified, documented, understood, and audited. This includes having not only excellent technical defenses but also solid information about your attacker(s).
While this may seem daunting to some, for the cybersecurity team it is truly mission-critical. So, what do you do? First of all, as Sun Tzu said in his ancient book The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” In the previous paragraph, we referenced knowing yourself. What tools do you have, what training does your cybersecurity team have and do you have them properly deployed? But how do you learn about your enemy and know them? You need to make sure that you are fully aware of the types of disinformation that might be targeting your user community. Gather intelligence about how attackers can entice people who are in your network to either volunteer information or introduce malware into your environment without realizing they are doing so. Constant vigilance is the key.
Never let down your guard or overlook disinformation that might be used against you and your organization. To do this you need a solid source of intelligence about the disinformation that is out there and the earlier you know about it the better. Remember the earlier you get a warning about a tsunami the better your chances of survival. Don’t wait until the wave of disinformation is upon you know about it and respond to it as early as possible. Contain and counter its effects quickly, understand the intent behind it, and you will save yourself — and your organization — a lot of work and sleepless nights.
Garrett Kolb, CISM is a senior level manager and Information Technology (IT) infrastructure architect at a Fortune 500 company, with over 40 years experience in the Information Technology profession with more than 25 of those years in cybersecurity. His experience spans several verticals with the majority of his time spent in financial sector and the telecommunications verticals. He has architected and implemented protection strategies for a number of companies, lead security teams and spent time in the vendor space as well.
He currently leads a team of internal-facing cybersecurity consultants for a major fintech company. His passion is to train and mentor the next generation of cybersecurity professionals by looking to non-traditional avenues for those with talent and determination.
Mr. Kolb has published several articles on Information Security topics and has spoken at a number of conferences throughout his career.
He can be reached on LinkedIn.