The Methods Used by Security Teams to Combat Disinformation - Course Monster Blog

“A lie can travel halfway around the world while the truth is still putting on its shoes.” The quote is often attributed to Mark Twain, however, he never said it. The quote’s origin is unknown, but the concept that lies spread quickly while truth spreads slowly like disinformation is an old one.

The quote attributed to “Twain” illustrates the distinction between misinformation and disinformation. Misinformation is an error that is spread unintentionally, while disinformation is false information disseminated with the intent to deceive or harm.

In contrast, disinformation is a deliberate deception. Its aim is to deceive, cause harm or gain an advantage by spreading false information. As long as spreading lies is profitable and effortless, businesses must be able to adapt quickly.

Disinformation’s Negative Effects

It all comes down to the intent behind spreading the information. The goal of the person or group sharing the data is crucial. Real-world examples demonstrate the harm caused by these falsehoods and the potential for future abuse they create.

In 2019, scammers utilized AI technology to impersonate the voice of a CEO of a European energy company. They made a phone call using the artificial voice and urgently requested an employee to transfer €220,000 ($243,000) to a Hungarian vendor within 60 minutes. The scammers, anxious as the money did not arrive as quickly as they expected, made two more calls. This raised the employee’s suspicion. However, by then it was too late to recall the funds, and the scammers were able to obtain the money. Fortunately, the company was protected from financial loss by fraud insurance.

Though minimal harm was caused, this incident served as a warning of potential future danger. This was the first recorded instance of AI being used to imitate a voice for fraudulent purposes. Cybersecurity experts anticipate that the next development will be the use of AI to replicate both voice and facial expressions. If the imitation appears and sounds genuine, it will raise no suspicions, making the scam harder to detect and hence more profitable.

Disinformation as a Service

Disinformation can have multiple objectives and the COVID-19 pandemic provided a significant opportunity for scammers. A scam from 2021 highlighted the trend of Disinformation-as-a-Service, where an external party pays for social media influencers to spread and promote disinformation. Fazze, a PR agency that appears to have Russian government backing, approached successful YouTubers to criticize the Pfizer vaccine. Offering large sums of money, the company asked the influencers to spread disinformation, not to disclose their sponsorship, and to present themselves as if they were sharing information. The scheme was exposed when a few YouTubers went public about the strange offer. The BBC reported speculation of Russia’s connection to the scheme to promote their own vaccine, Sputnik V, illuminating how nation-state attacks often initiate disinformation campaigns.

Small and medium-sized businesses (SMBs) can also be targeted. Disinformation spread through the fake review market has a significant impact on small, local businesses. A study on the direct impact of fake reviews on online spending estimated that fake reviews caused businesses to lose $152 billion globally in 2021. The study cites an example of an Australian plastic surgeon whose business decreased by 23% in a single week following a fake review. Similarly, a plumbing business based in California lost 25% of its business when a rival posted a fake review. In New York, two busing companies discovered that fake positive reviews effectively redirected business from one company to the other.

How to Fight Disinformation and Misinformation

Disinformation can be financially rewarding, making it a challenge for businesses of all sizes to deal with. Fortunately, there are actions that can be taken when facing a disinformation or misinformation attack.

1. Train your employees. There is a possibility that your business will be targeted by malicious actors. Your CSOs and CISOs need the necessary technical and social expertise to counter disinformation. As disinformation is both a security and communications concern, it is also important to provide training to your communications and marketing teams.
2. Make a plan. IT teams prepare recovery plans for natural and human-induced disasters, and a similar plan is required for a disinformation crisis. Establish team roles and the steps that should be taken when disinformation occurs. Utilize probable scenarios to evaluate the plan and identify weaknesses so that everyone is prepared when the crisis occurs.
3. Bring in outside forces. Sometimes it can be too overwhelming to handle the PR and communications issues internally. Your IT and security teams may not have the knowledge on how to handle these types of attacks. Bring in external teams that are experienced in resolving technical and PR problems caused by disinformation. Research these companies beforehand so you know who to contact in case of an attack.
4. Use social media monitoring tools. These tools may not be able to prevent an attack, but they can provide early warning of an impending attack, giving you a few hours or days to activate your plan and minimize the damage.

How to Prevent Disinformation Attacks

Preventative measures are more straightforward and less expensive than trying to combat a disinformation campaign that has spiraled out of control. There are various preventative actions that can be taken to enhance your protection.

1. Stay vigilant for potential risks and vulnerabilities. Understand the different ways threats can occur. Does your company have a high-profile CEO? Does your brand have a stance on contentious topics? Are you a small business that relies heavily on reviews? These are all factors that can lead to attacks. Identify weaknesses and take steps to strengthen your defenses as soon as possible.
2. Be proficient in social media. Monitoring tools can provide advance warning of an attack, but social media can also be used as a defensive tool. Keep an eye on what people are saying about your organization. Monitor social media conversations surrounding your brand that you are not initiating. If any activity raises concerns, the communications team can address it.
3. Take a proactive approach. PR, communications, and marketing teams should engage in ongoing and genuine interactions with customers. This establishes trust and makes customers more likely to approach you with questions before spreading false information. Encourage interactions with partners and vendors for the same purpose.\
4. Adopt good information practices. Never circulate unverified information. Identify reliable sources and learn how to recognize compromised, hacked, or spoofed sources. Educate employees on how to protect against threats such as phishing and social engineering. Set guidelines for appropriate behavior during company-related activities and how employees should communicate without putting the company at risk. Additionally, provide training for the C-suite on reputation management and how to handle situations where their actions may be recorded and shared.

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com