How Disinformation Leads to Internal Threats

Employees who trust disinformation are more vulnerable to social engineering and phishing campaigns, and attackers know this. […]

At the beginning of the fourth quarter of 2021, the idea that disinformation is a cyber threat has probably not yet entered the consciousness of many CISOs. In fact, a Venn diagram would show that there is no overlap between “disinformation” and the words “CISO” or “cyber threat,” especially not here. Still, there is significant overlap, and CISOs are well advised if they are ahead of the curve.

Some companies have identified disinformation as a threat. Gavin Reid, CSO of Recorded Future, notes that some activist CEOs are taking steps to combat the politicization of disinformation, while companies are turning to third parties to better understand how to counter the emergence of disinformation that goes against their company or affects the actions of their employees.

The challenge for CISOs in terms of disinformation

This view is shared by Armaan Mahbod, Director, Counter Insider Threat, Security and Business Intelligence at DTEX Systems. “The exchange of disinformation/misinformation happens all the time, regardless of whether there are positive or negative intentions and results behind it,” he says. “It is difficult for leaders and companies to refute this information because they often do not know what is being shared at all, so they are not aware that a response is needed.

“In addition to the lack of transparency, many business leaders struggle to answer basic questions about their company and team, such as: Who are my employees and where are they? How does my company actually work? How active is the company (i.e. regional, departmental, etc.)? In addition to the thousand other, more nuanced and detailed questions that surround businesses and that feed into an organization’s overall cybersecurity posture,” Mahbod continues.

Adam Flatley, Director of Threat Intelligence at Redacted, sees the challenge for the CISO in how disinformation campaigns outside the company trick their victims into believing certain false narratives, drive wedges between them and those who provide contrary facts, and make them addicted to information that confirms their biases.

Flatley continues that “the next danger for a CISO is that this addiction to information that confirms their bias really settles in the victims (employees). This makes them more likely to click on phishing emails, SMS links, and other types of enticements tailored to the subject they’re starving for, which can lead to stolen credentials or outright abuse.”

Disinformation offers opportunities for social engineering

Then there is the area of social engineering that the individual employee needs to be prepared to fight back against and that the CISO needs to be prepared for. Malicious actors watch the firewalls for disinformation, whether on global issues or issues that apply only to a particular company, and these villains “build personas to build online relationships with their victims. They feed them with information that not only manipulates them, but also builds trust, which leads them to visit web pages sent to them by their ‘faithful friend’. This creates a camaraderie that makes victims more likely to open the files sent to them, which could contain malware,” warns Flatley. “Even before victims take the step of becoming a deliberate insider threat, they can be used to unknowingly compromise the network, which is much easier for a threat actor than recruiting a malicious insider.”

This observation is also shared by Elsine Van Os, founder and CEO of Signpost Six, who notes that affinity with a confirmatory narrative makes employees vulnerable to “clicking on emails that interest them, thereby unintentionally opening the door for malware into their organization.”

Change as a portal for localized disinformation

Change is another area where internal messaging can often get out of hand and rumors fly through the organization like lightning. Van Os noted that “changes (and some organizations are constantly changing) often result in inadequate communication, incomplete, inaccurate or out-of-date information, and then misunderstandings.”

Van Os went on to say that CISOs are challenged to manage insider risk when management, for whatever reason, has a workforce facing “unmet expectations that are a major stress/risk factor on the critical path to insider risk, and this is especially the case with restructuring. It is very difficult for a company to deal with this problem, because sometimes there are simply no satisfactory results for employees, so they have to manage the risk on the back.”

Forrester predicts an increase in insider risk management challenges in 2021. Van Os believes that CISOs “need to work with HR, especially as we are seeing a large number of exits. So many people leave the company, and the vast majority take sensitive data with them.”

When disinformation is found

Faced with the dilemma of false information entering one’s own business, “it is crucial that leaders and companies have a clear understanding of how they operate so that they can not only understand the behavior of their own business, but also confidently communicate to their employees and their investors/boards that they have data to support their statements,” says Mahbod. “This assumes that meaningful data is available to back up comments with empirical information that answers the questions asked or suspected.”

*Christopher Burgess is an advocate for effective security strategies, whether in the office or at home for you and your family. Christopher Burgess worked for the Central Intelligence Agency for over 30 years. He is the co-author of Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century.
