The Internet, as transformative as it may be for digitizing companies, connecting communities and informing people, does not come with a user guide to help us navigate it. And as people become more aware of the dark side of the web, they are looking for tools to help defend themselves against campaigns designed to manipulate the way they think or behave.
Misinformation and misinformation abound, but so far it has been seen as a challenge for policy makers and big tech, including social media platforms. However, because disinformation is by nature an online risk, it is also a challenge for our cybersecurity ecosystem.
But tackling the manipulation of the truth is not an easy task. The sheer volume of data created makes it difficult to know what is real and what is not. From the destruction of 5G towers to conspiracies like QAnon to unfounded concern over voter fraud, distrust is becoming the norm, and this can have incredibly damaging effects on society.
Disinformation and fake news are also part of the distribution package, rather than the end goal – it is increasingly used to distribute malware by manipulating people’s heightened fears and emotions. For example, Avast found that bogus stores claiming to sell Covid-19 cures that use the World Health Organization logo were intended for people to download malware.
Until now, the technology sector, mainly social media companies, given that their platforms allow fake news to spread exponentially, have tried to implement some measures, with varying levels of success. For example, WhatsApp has imposed a stricter limit on its message forwarding ability, and Twitter has started flagging misleading posts.
Despite these efforts, reports that emphasize concerns about the issue of intelligence services and independent committees are being overlooked, while policies cannot be implemented quickly enough to keep up with the ways in which constant change in which fake news is spread. But it’s not just about having more laws; in fact, in some cases, too much regulation can be used as an excuse to stifle free speech. We must be very careful not to abuse it as a tool.
We are also seeing the rise of tech startups that are exploring ways to detect and stop the flow of disinformation, such as Right to Reply, Astroscreen, and Logically. These companies don’t typically refer to themselves as cybersecurity companies, but it can be argued that this is indeed what they are.
It’s a matter of definitions: If we agree that cybersecurity is not just about data breaches, but data integrity, then it is clear that these companies fall under the security umbrella.
More than that, disinformation has the potential to undermine national security and should be at the center of our cyber defenses.
However, the cybersecurity innovation ecosystem as a whole has been underutilized and little motivated to play a role in this landscape. Many startups and startups have the tools to combat disinformation and tackle botnets, such as automated threat detection, but they do not consider stopping the flow of disinformation to be in their domain.
This will change as businesses increasingly become the target of disinformation, creating increased market demand among IT teams. We are seeing cyber espionage techniques such as creating fake news to retain influential members of a competing company or damage a brand’s reputation, and this will change our perception of the challenge as it becomes more widespread in the business world.
Data breaches cause loss of value, but also data manipulation. This reflects the changing nature of cybersecurity in general – it is now more about protecting a company’s values, brand, and reputation than just a network security issue.
Disinformation continues to be an emerging frontier for cybersecurity, and we will need unconventional techniques far beyond data breach notifications and regulatory fines. New alliances and partnerships between industry and government must emerge. More than that, our fundamental assumptions of what a cyber attack looks like must evolve as well.
But the first step is to recognize it as a new type of online risk where effective cybersecurity is part of the solution.