Fake News Is A Big Problem For CISOs

Fake news and disinformation might appear to be a problem exclusively for social media firms that have to be watchful to identify and remove propaganda lies from their platforms. In fact, fake news is also a significant problem for business, and misinformation and disinformation campaigns are just as bad for businesses as they are for national elections.

So what should Chief Information Security Officers (CISOs) look out for and what measures can they take?

The 2020 SafeGuard Cyber Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace brought by the COVID-19 pandemic. Respondents were asked to rate their adaptations to date, identify the gaps they can see and explain how they're planning for the future. The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies.

One-third of respondents reported their entire business process has changed and is still evolving, while 26% said they've rushed certain projects that were scheduled for later.

According to SafeGuard Cyber, disinformation is a real cyber security issue which can be used to destroy an organisation's brand value and create conflict among a company's employees. It can also be used as a form of ransomware. Recently, a private psychotherapy clinic in Finland was hacked and the therapist notes on potentially 40,000 patients were stolen. The attacker then proceeded to email the victims, asking each for €200 ransom in Bitcoin. This is a terrifying prospect for organisations and their customers, and it’s easy to imagine a scenario where attackers can claim to have breached an organization and try to extort money from the organization, its partners, and customers.

“It is deployed against the company by hacker groups, criminals, and even nation-states. Security organisations are best equipped to build the right tools to fight disinformation since they have experience in defending the company against attacks at scale,” said Otavio Freire, CTO at SafeGuard Cyber.

The evidence points towards disinformation becoming a standard tool of nation-state actors, cyber-criminals, activists and even competitors. 

Distributed Denial of Service (DDoS) attacks have been a common tactic used by criminals, and it can be difficult for CISOs to determine which requests landing on their website are legitimate and which are fake. Even on a small scale, this kind of disinformation can have long-term consequences, and CISOs can find themselves responsible not just for securing technology, but for processes and people too. In such circumstances, CISOs are immediately on the defensive - they have to validate whether a breach has actually occurred or not, and if so, what data was stolen. They have to notify regulators, inform customers, agree what the best course of action is with stakeholders, brief PR agencies and discuss it with the lawyers. It becomes a wide-scale issue involving many different disciplines of which the technical side forms but a small component.

Fighting disinformation will likely become one of the biggest challenges that CISOs will face in the future. CISOs should learn to communicate with everybody, not just the board, and this should include employees, partners, stakeholders, the press, and the public at large.

In terms of defenses, transparency is paramount. If there’s a breach, CISOs should not let circumstances dictate the story, and should make sure they take control of the narrative.

Dark Reading | PR Newswire | Infosecurity Magazine | Rappler | SC Magazine
