Narrative Attacks: A New Threat Vector for Security Leaders

The phrase, ‘This is a new threat vector,’ came directly from a top CISO representing a well-known brand at a fall Security Leadership Conference. This is how they described ‘Narrative attacks’ that included misinformation and disinformation when he saw the Blackbird.AI Constellation Narrative Intelligence Platform demonstrated on stage by our CEO and Co-founder, Wasim Khaled. 

Since then, we have met with hundreds of security leaders, and they all say the same thing, 

“Narrative Attacks are a blind spot to our organization, and current tools do not give us visibility into them or protection against them.” 

– Quote, CISO of a Fortune 500 Retail Brand

We define narrative as ‘any assertion that shapes perception about a person, place or thing in the information ecosystem.’ The risk comes when narrative attacks quickly scale out of control and become harmful, impacting companies with financial, operational, and reputational harm. 

‍You hear about narrative attacks in the headlines daily as they quickly scale from a single post or story and utterly blindside an organization as they lack visibility across the internet into harmful narratives, misinformation, and disinformation. With limited knowledge, they are not prepared for when a crisis hits and can’t make informed strategic decisions when engaging with the executive team. Current threat intelligence and social listening tools do nothing to understand new narrative risks. Legacy systems count keywords and do not provide insight into harmful narratives. 

How big is the problem?

• $78B lost each year to private firms due to disinformation
• 88% of investors consider disinformation attacks on corporations a serious issue
• 53% of US respondents: “CEOs & business leaders should do whatever they can to stop the spread of misinformation.”
• 25% of respondents thought business leaders were currently doing enough

Narrative attacks have quickly become a top priority for every executive team, especially cybersecurity leaders because they are best positioned to understand and protect against cyber risks. More and more security leaders reach out to us directly (from financial institutions, consumer brands, critical infrastructure, healthcare, etc.) inquiring about our Narrative Intelligence Platform, as these attacks are a significant blind spot to their team and see the problem as only worsening. They want to bring this visibility to executive leadership to demonstrate their value and to protect the company. 

The Gap – And Opportunity – For The Security Leader

In a recent customer meeting with a large multinational organization, their leader told us, 

“We felt helpless about this topic (Narrative attacks) before we engaged with you.” 

From our discussion with hundreds of security leaders, there is an intense desire for an improved ability to understand the harmful narratives across the internet that involve their organization. They want this data to develop counter-narratives to best position the organization in times of crisis to minimize the impact. Knowing the narratives, security leaders can share insights on narrative attacks with their leadership team, corporate communications, and the board of directors to protect the organization best.  

Fusion Center – Security And Communication Officers Coming Together To Be Better Prepared For Crisis Moments

A large financial institution we work with shared a new initiative to foster cross-organization collaboration around narrative risks to the company. They shared with us,

“We are creating a Fusion Center to bring together disparate teams within the organization so that we can be better prepared during moments of crisis.” 

They shared further that this group includes security leaders, communication officers, heads of marketing, risk, legal, and product, as well as others to do wargaming exercises to understand better the risks and how best to react to them with complete information about the narrative attacks spreading about the organization. Security teams are in a great position to lead this effort as they are experienced in watching for and protecting the company from threats. 

The Top Narrative Attack Use Cases Security Leaders (And Executive Teams) Are Concerned Most About Include:

Crisis Narratives

When a crisis impacts your organization, immediate knowledge of the narratives spinning up across the internet is critical. Whether it is customer, partner, employee, executive, product, or news headline-related, knowing the narratives before, during, and after a crisis is paramount. 

Examples Of Harmful Narratives

Customer incidents, partner crises, employee accidents, executive emergencies, product defects, third-party targeting of the company, strikes, severe weather, terrorism, and geopolitical risk.

Cyber Attack Narratives

Security incidents, attacks, and breaches are in the headlines daily, and the stakes have never been higher. When a breach – or even a fake breach – happens, harmful narratives rocket across the internet. Organizations have no visibility into damaging reports, who is behind them, how they scale and morph, and how perception is manipulated. These online narratives can significantly increase the severity and financial impact of the breach. With increased government scrutiny and regulation by the SEC around disclosing a breach, this problem and the steps a company needs to take in times of crisis are even more critical. Knowing the narratives and communicating your narrative about the facts to customers and markets can significantly reduce the risk for the company.

Examples Of Cyber Attack Narratives

A breach of customer and employee data, stolen IP, a fake breach that was reported to the news but did not happen, a cyber attack on a customer or a competitor, the breach of a supplier or a partner, the impact on critical infrastructure, geopolitical risk, and nation-state targeting.

Brand Reputation Risk Narratives

Your organization and brand’s reputation are at constant risk from narrative attacks. Knowing how you are perceived online and what is being said is crucial. At every turn, knowing the possible adverse effects on customer reputation and trust is vital for you to truly listen to what is being said out there and by whom. It gives you better insight to communicate better in times of crisis to keep your brand on the right side of public opinion. 

Examples of Harmful Brand Reputation Narratives

False or misleading information about the organization, products, or executives, understanding how products are being viewed, positively and negatively, to structure messaging campaigns to create positive momentum, threats of organized protests, boycotts, or strikes, calls for class action lawsuits, backlash, revenge posting, decline in satisfaction with products or services, understanding who the “true influencers” are about your product/brand (both optimistic and hostile) and their affiliations, competitive actions and vulnerabilities, sector instances.

Geopolitical Risk Narratives

Organizations must identify and understand geopolitical narratives to ensure business continuity in today’s increasing geopolitical risk. These global events affect your employees, customers, infrastructure, and vendors, so it is essential to understand whether core elements of your organization’s strategy are impacted or derailed by pressure from public opinion.

Examples of Harmful Geopolitical Narratives

The impact of wars, terrorist acts, political tensions, and embargoes, a response based on the organization’s stance on a specific issue, have implications on critical infrastructure, employees, customers, vendors, nation-state targeting, strikes, boycotts, protests, lawsuits, or misrepresentations of the organization and competitors. 

Financial Market Risk Narratives

Harmful narratives spread quickly across the internet when word emerges that a financial institution is vulnerable and at risk of failing. These damaging narratives can accelerate the pressure on the bank, its customers, and its investors. Knowing these harmful narratives before, during, and after a financial crisis and who was behind them would enable the bank to create a counter-narrative about the steps to dispel the concern. It could reduce or slow the risk to all parties.  

Examples of Harmful Financial Market Narratives

Bank failures, inflation, the Great Recession mortgage crisis, oil crisis, terrorist attacks, September 11th, the .com bust, war, pandemics, currency fluctuations and manipulation, elections, severe weather, new regulations, business segment disruptions, and competitive crisis.

Insider Threat Narratives

Insider threats are one of the most feared events for any company. Someone inside can cause significant financial, operational, and reputational harm by knowingly or unknowingly sharing trade secrets, IP, customer, or employee data. These threats to an organization’s intellectual capital, know-how, trade secrets, or patented methods are at risk from insider threats that could be shared and observable through conversational data online. It is critical to know what harmful narratives are being discussed across the internet and the impact they could have on company employees who are at risk. 

Examples Of Harmful Insider Threat Narratives

The sharing of confidential information; the sale of customer, employee, and intellectual property; the potential influence by foreign maligned organizations; the impact of cyber criminals; the sharing of vulnerabilities and exploits in open-source software packages and in software applications that are embedded in an organization’s systems; the sharing of harmful views about a company its executives.

Supply Chain And Critical Manufacturing Risk Narratives

When organizations have significant supply chain and manufacturing risks, knowing what harmful narratives may be circulating is critically essential. Is your organization or the business sector overall being impacted by shortages, claims of harm, caught in escalating regional tensions, threatened with the cancelation of supply, inflationary pressure, and facing sole source risk challenges? These situations create public narratives that can spin up quickly and impact your organization further.

Examples of harmful Supply Chain And Critical Manufacturing narratives include Product shortages or stoppages, emerging adversarial stances, boycotts, labor unions, activism, terrorism, parts and ingredient shortages, price increases, employee targeting, geo-political risk, civil unrest, safety incidents, and competitive moves.

Stock Manipulation Narratives

Stock manipulation is increasingly driven by social media manipulation of public perception, including sophisticated tradecraft involving burner account networks and bots. Manipulation tactics (synthetic amplification, false representation) create cohesive pressure on stock prices (Meme stocks) and deals via channels like r/wallstreetbets on Reddit.

Examples of harmful Stock Manipulation narratives include Intentional market manipulation to drive stock and currency prices, foreign state actors attempting to disrupt/destabilize companies and financial markets, Meme stocks to pump & dump stocks, adversarial actors spreading narratives to break down a company, creating risk and volatility, and drive hedging and short seller attacks contrived to generate controversy and perception manipulation. 

Due Diligence / M&A / Corporate Intelligence Narratives

When organizations have a strategy to grow through mergers and acquisitions, understanding the narratives around the potential investments during the due diligence stage is critical. Questions that should be investigated include how the organization’s interests in a brand and its reputation, products, and governance are being perceived across the public media landscape, especially in a way that could affect valuation or future potential for growth.  Does the company being acquired have narrative risks that you may not be aware of that could affect its ability to attract investors, customers, and partnerships

Examples of harmful Due Diligence / M&A / Corporate Intelligence narratives include The company under due diligence accused of wrongdoing or misconduct in a way that could put the deal under pressure, critical elements in the company’s supply chain, including specific vendors or product ingredients, being vulnerable to information threats or showing a history of publicly visible problems (e.g., lawsuits, boycotts, etc.) that could threaten viability of the deal, social profiles of company executives indicating stances on issues, personal preferences, and networks, and portfolio monitoring post-acquisition to understand the narratives on how customers perceive the acquisition.

Environmental, Social, and Governance Narratives

An organization’s responsibility around environmental, social, and governance initiatives is at risk of narrative attacks based on the perception of how they address these issues and how the public understands them. With ongoing legislative changes, will it force the organization into compliance with audits where quantitative assessments of public discourse through narrative visibility can provide valuable perspectives? 

Examples of harmful ESG narratives include Deteriorating public opinion, putting ESG initiatives and ratings at risk, accusations of greenwashing, racism, and treatment of employees, activism that accuses the organization of lack of responsibility regarding the environment like climate impact and pollution, human health impact, animal rights, and manufactured controversy and activism could lead to protest events, boycotts, class action lawsuits, and regulatory changes.

Physical Security Narratives

Physical security is of great concern to organizations as it pertains to employees and facilities across the globe. Your employees and facilities are essential and critical to your business and customers. Understanding the narratives that could impact them gives you an easy way to investigate global events that may affect your people, customers, infrastructure, or vendors.

Examples of harmful Physical Security narratives include Significant events or venues facing security risks, protest events being coordinated, facilities being threatened, fielded equipment at risk (e.g., 5G towers, pipelines, etc.), critical infrastructure vulnerabilities

Executive Targeting Narratives

Executives, board members, and critical employees can become targets of narrative attacks based on fake or real-world incidents. Taking a stance on global issues, strategic initiatives, announcements, and harmful incidents can make executives and the organization vulnerable to financial and reputational harm. 

Examples of harmful Executive Targeting narratives include Threats to harm executives being made online, physical threats when visiting a location, oversharing personal information, extortion, exposure of deleterious incidents, alignment with geo-political or unique perspectives and issues, and fake communications about the organization. 

How To Best Protect Your Organization From Narrative Attacks 

• Gain a comprehensive understanding of real-time narrative attacks impacting your organization to make better strategic decisions.
• Understand the narrative risk to help with mitigation planning: Do we respond?  Should we monitor? Should we act?
• Evaluating possible actions the organization can take:
• Protect your employees, customers, partners, and the executive team
• Adapt your security posture
• Develop a plan to the messaging
• Recommend counter-narratives that de-escalate
• Issue warnings and bulletins to inform personnel

This is where we can help. BLACKBIRD.AI protects organizations from narrative attacks and risks that cause financial and reputational harm. Powered by our AI-driven Constellation Platform and our RAV3N Narrative Intelligence and Research Team, organizations can proactively understand narrative threats as they evolve for better strategic decision-making when they need it most. We were founded by a diverse team of AI experts, narrative intelligence analysts, and national security professionals to defend information integrity and fight a new class of information-based risk. 

To learn more about how Blackbird.AI can help you in these situations, contact us here.