We have all seen the cornerback in American football beaten by a wide receiver, or the defender in soccer—football to the rest of the world—left flat-footed as Ronaldo or Messi blasts past them toward the goal. We can all fall victim to a good head fake and find ourselves wondering how we just got scored on.
Unfortunately, the same thing can happen to our businesses in general and, more specifically, to our cybersecurity teams.
The recent election here in the U.S. and much of its run-up has brought the term “Fake News” into our lexicon as if it were something new, but the concept itself has been around for hundreds of years. Military planners have used disinformation and subterfuge to great effect throughout history. As an amateur historian, I find George Washington’s misinformation and misdirection campaign very interesting. In 1777, Washington, through his network of spies, launched a disinformation campaign that convinced the British colonial powers that the American army consisted of 12 thousand men, when in fact it numbered just over one thousand. This caused the cautious British commanders to remain in their winter quarters without pursuing the Continental Army, which probably would have been crushed had it been attacked. This is just one example that demonstrates how disinformation can be used to weaken the defenses of any organization.
Many of you may think that cybersecurity has very little to do with disinformation; perhaps that it is more for the legal, marketing or brand teams to be concerned with trolls on social media sending out harmful information (including the misrepresentation of facts or blatant lies) about one company or another. This is definitely something companies need to be aware of and, more importantly, have a response ready for. It is time for the cybersecurity community to realize that disinformation can cause major problems for them as well. This may happen when an organization’s user community receives fake security information or is duped, usually through phishing or other social engineering methods, into surrendering information that they would normally not allow outside of the organization. According to a recent article in Forbes Magazine, the proliferation of disinformation is effectively serving as a “bait store for phishers”. The article further points out that the COVID-19 pandemic has proved to be very fertile ground for disinformation actors to plant their insidious messages and lure many into introducing malware to their environment or offering up personal information to a well-crafted false website.
Recently, with the rise of ransomware and its attendant publicity, there have been incidents where bad actors have convinced customers of organizations that their personal data has been either compromised or encrypted, and demanded payment either to not release it or to decrypt it. It is time the cybersecurity team understands that they are best positioned to combat a disinformation campaign aimed at their organization. There is no doubt that this is something that falls directly in their wheelhouse!
If we look at it logically, the cybersecurity team is best positioned, both from a tooling and staffing standpoint, to combat all forms of attacks that may start with or be wholly based on false and misleading digital information. In order to be effective, an attacker must use various technical methods to spread their disinformation, and many of the tools available to the Security Operations Center or Threat Intelligence teams can be used to locate the source of the attack and even to contain its impact.
The legal responsibility, as we all know, comes from the top down when it comes to cybersecurity in an organization. Having a documented plan and the ability to show a full audit trail, even when it comes to disinformation and misinformation impacting an organization, can be the difference between a manageable problem and a full game-changer for an organization’s stock price, brand, reputation, and legal capabilities. Even though we commonly think of disinformation and misinformation when it comes to news, the reality is that it is everywhere and it must be identified, documented, understood, and audited. This includes having not only excellent technical defenses but also solid information about your attackers.
While this may seem daunting to some, for the cybersecurity team it is truly mission-critical. So, what do you do? First of all, as Sun Tzu said in his ancient book The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” In the previous paragraph, we referenced knowing yourself. What tools do you have, what training does your cybersecurity team have and do you have them properly deployed? But how do you learn about your enemy and know them? You need to make sure that you are fully aware of the types of disinformation that might be targeting your user community. Gather intelligence about how attackers can entice people who are in your network to either volunteer information or introduce malware into your environment without realizing they are doing so. Constant vigilance is the key.
Never let down your guard or overlook disinformation that might be used against you and your organization. To do this, you need a solid source of intelligence about the disinformation that is out there, and the earlier you know about it the better. Remember that the earlier you receive a warning about a tsunami, the better your chances of survival. Do not wait until the wave of disinformation is upon you – identify it and respond to it as early as possible. Contain and counter its effects quickly, understand the intent behind it, and you will save yourself—and your organization—a lot of work and sleepless nights.
Garrett Kolb is a senior-level manager and Information Technology infrastructure architect at a major fintech Fortune 500 company, with over 40 years of experience in the Information Technology profession, over 25 of which have been spent in cybersecurity. He currently leads a team of internal-facing cybersecurity consultants where his passion is to train and mentor the next generation of cybersecurity professionals by looking to non-traditional avenues for those with talent and determination. Kolb’s professional experience spans several verticals with the majority of his time spent in the financial and telecommunications sectors. He has architected and implemented protection strategies for a number of companies, led security teams and also spent time in the vendor space. Kolb has published several articles on Information Security topics and has spoken at a number of conferences throughout his career.