Not Falling for the Fake: Information as a Cybersecurity Threat

We have all seen the cornerback in American football beaten by a wide receiver or the defender in soccer—football to the rest of the world—left flat-footed as Renaldo or Messi blasts past them toward the goal. We can all fall victim to a good head fake and wonder how we just got scored on.
‍
Unfortunately, the same thing can happen to our businesses and, more specifically, our cybersecurity teams.

The recent election here in the U.S. and much of its run-up has brought the term “Fake News” into our lexicon as if it were something new, but the concept itself has been around for hundreds of years. Military planners have used narrative attacks and deception to significant effect throughout history. As an amateur historian, I find George Washington’s misinformation and misdirection campaign very interesting. In 1777, Washington, through his network of spies, launched a narrative attacks campaign that convinced the British colonial powers that the American army consisted of 12 thousand men, which numbered just over one thousand. This caused the cautious British commanders to remain in their winter quarters without pursuing the Continental Army, which probably would have been crushed had they been attacked. This is just one example that demonstrates how narrative attacks can weaken any organization’s defenses.

LEARN MORE: Misinformation and Narrative Attack Readiness Assessment

Many of you may think that cybersecurity has very little to do with narrative attacks; perhaps it is more for the legal, marketing, or brand teams to be concerned with trolls on social media sending out harmful information (including the misrepresentation of facts or blatant lies) about one company or another. Companies need to be aware of this and, more importantly, ensure they have a response ready. It is time for the cybersecurity community to realize that narrative attacks can also cause significant problems for them. This may happen when an organization or company’s user community receives fake security information or is duped, usually through phishing or other social engineering methods, to surrender information they usually would not allow outside the organization. According to a recent article in Forbes Magazine, the proliferation of narrative attacks is effectively serving as a “bait store for phishers.” They further point out that the COVID-19 pandemic has proved to be fertile ground for narrative attacks actors to plant their insidious messages and lure many to introduce malware to their environment or offer personal information to a well-crafted false website.

Recently, with the rise of ransomware and its attendant publicity, there have been incidents where bad actors have convinced customers of organizations that their personal data has been either compromised or encrypted, and they demand payment to either not release it or unencrypt it. It is time the cybersecurity team understood that they are best positioned to combat a narrative attacks campaign aimed at their organization. There is no doubt that this is something that falls directly in their wheelhouse!

If we look at it logically, the cybersecurity team is best positioned, both from a tooling and staffing standpoint, to combat all attacks that may start with or be wholly based on false and misleading digital information. An attacker must use various technical methods to spread their narrative attacks effectively. Many of the tools available to the Security Operations Center or Threat Intelligence teams can be used to locate the source of the attack and even to contain its impact.

As we all know, the legal responsibility comes from the top down regarding cybersecurity in an organization. Having a documented plan and the ability to show a complete audit trail, even when narrative attacks and misinformation impact an organization, can be the difference between a manageable problem and a full game-changer for an organization’s stock price, brand, reputation, and legal capabilities. Even though we commonly think of narrative attacks when it comes to news, the reality is that it is everywhere, and it must be identified, documented, understood, and audited. This includes having excellent technical defenses and solid information about your attackers.

While this may seem daunting to some, for the cybersecurity team, it is truly mission-critical. So, what do you do? First of all, as Sun Tzu said in his ancient book The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” In the previous paragraph, we referenced knowing yourself. What tools do you have, what training does your cybersecurity team have, and are they adequately deployed? But how do you learn about your enemy and know them? You must ensure you are fully aware of the types of narrative attacks targeting your user community. Gather intelligence about how attackers can entice people in your network to either volunteer information or introduce malware into your environment without realizing they are doing so. Constant vigilance is the key.

Never let down your guard or overlook narrative attacks that might be used against you and your organization. To do this, you need a solid source of intelligence about the narrative attacks, and the earlier you know about it, the better. Remember that the earlier you receive a warning about a tsunami, the better your chances of survival. Do not wait until the wave of narrative attacks is upon you – identify and respond to it as early as possible. Contain and counter its effects quickly, understand its intent, and you will save yourself and your organization a lot of work and sleepless nights.

• Garrett Kolb, Guest Contributor

‍To learn more about how Blackbird.AI can help you with election integrity, book a demo.