Fake News Is A Big Problem For CISOs

Uploaded on 2020-11-10 in TECHNOLOGY-Key Areas-Social Media, NEWS-News Analysis, FREE TO VIEW

Fake news and disinformation might appear to be a problem exclusively for social media firms that have to have to watchful to identify and remove propaganda lies from their platforms In fact, fake news is also a significant problem for business and misnformation and disinformation campaigns are just as bad for businesses as they are national elections.

So what  should Chief Information Security Officers (CISO) loook our for and what measures can they take? 

The 2020 SafeGuard Cyber Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace brought by the COVID-19 pandemic. Respondents were asked to  rate  their adaptations to date, identify the gaps thay can see and explain how they're planning for the future. The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies. ​

One-third of respondents reported their entire business process has changed and is still evolving, while 26% said they've rushed certain projects that were scheduled for later.

According to Safeguard Cyber, disinformation is a real cyber security issue which can be used to destroy an organisation's brand value and create conflict within a company's employees. It can also be used as a form of ransomware. Recently, a private psychotherapy clinic in Finland was hacked and the therapist notes on potentially 40,000 patients were stolen. The attacker then proceeded to email the victims, asking each for €200 ransom in Bitcoin.This is a terrifying prospect for organisations and their customers and  it’s easy to imagine a scenario where attackers can claim to have breached an organization and try to extort money from the organization, its partners, and customers. “It is deployed against the company by hacker groups, criminals, and even nation-states. Security organisations are best equipped to build the right tools to fight disinformation since they have experience in defending the company against attacks at scale.” said Otavio Freire, CTO at Safeguard Cyber

The evidence points towards disinformation becoming a standard tool of nation-state actors, cyber-criminals, activists and even competitors. 

Distributed Denial of Service (DDoS) attacks have been a common tactic by criminals and it can be difficult for CISOs to determine which requests landing on their website are legitimate versus those that are fake. Even on a small scale  this kind of disinformation can have long term consequences and CISOs can find themselves not just responsible for securing technology, but  for processes and people too. In such circumstances, CISOs are immediately on the defensive - they have to validate whether a breach has actually occurred or not, and if so, what data was stolen. They have to notify regulators, inform customers, agree what the best course of action is with stakeholders, brief PR agencies and discuss it with the lawyers. It becomes a wide-scale issue involving many different disciplines of which the technical side forms but a small component. 

Fighting disinformation will likely become one of the biggest challenges that CISOs will face in the future and  CISO should learn communicate with everybody, not just the board and this should include employees, partners, stakeholders, the press, and the public at large. 

In terms of defenses, transparency is paramount. If there’s a breach, CISOs should not let circumstances dictate the story. and make sure they take control of the narrative.   

Dark Reading:       PR Newswire:       Infosecurity Magazine:      Rappler:    SC Magazine

You Might Also Read: 

Cyber Attacks Knock 7.2% Off The Average Company Share Price:

 

« Taiwan Company Guilty Of Semiconductor IP Theft
Cyber Security For SMEs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Zybert Computing

Zybert Computing

Zybert Computing provide server solutions with built-in security and information protection features for the SME market.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

bwtech@UMBC

bwtech@UMBC

The bwtech@UMBC Cyber Incubator is an innovative business incubation program that delivers business and technical support to start-up and early-stage cybersecurity/IT products and services companies.

SureVine

SureVine

Surevine builds secure, scalable collaboration solutions for the most security conscious organisations, enabling collaboration on their most sensitive information.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

Go Grow

Go Grow

Go Grow is a business oriented accelerator program at Copenhagen School of Entrepreneurship. Targeted technologies include IoT, AI and Cybersecurity.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Gunnison Consulting Group

Gunnison Consulting Group

Gunnison Consulting Group serves the Federal Government with high quality IT consulting services.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.