Misinformation and cybersecurity: the dark connection
Deciphering the role of disinformation in cybersecurity threats and social engineering
The global landscape is increasingly affected by disinformation, a phenomenon that has prompted much discussion over the years. Prominent politicians, such as Donald Trump with his constant claims of "fake news" or Vladimir Putin with his provocative rhetorical style, have fueled this issue. Disinformation can also have a negative impact in the business world: according to a study by Weber Shandwick, about 87% of executives say that the spread of disinformation represents one of the most significant risks to the reputation of companies. While often overlooked, the role of disinformation in cybersecurity threats is hugely relevant and can have dramatic consequences if not properly addressed.
Disinformation and social manipulation
Disinformation, as opposed to the merely accidental spread of false information (called "misinformation"), is a deliberate tactic to spread false news, often with the aim of furthering a political agenda. Russia, for example, has always been a master of this practice, to the point where some experts believe that the modern definition of disinformation is a literal translation of the Russian term "dezinformatsiya". This practice of deception intersects with so-called "social engineering", a set of techniques aimed at inducing a subject to reveal specific information or to perform actions for illegitimate reasons. The three key elements of disinformation in this context are: lack of context, deceptive editing and malicious transformation of content.
Cybercrime: the interweaving of disinformation and social engineering
Cyberattacks that exploit disinformation and social engineering are sophisticated and relatively new. Bad actors do not hesitate to capitalize on the fear and anxiety that pervade modern society, which is why we have seen the birth of malvertising. This practice, which consists of inserting malicious code into advertisements or digital items, uses disinformation to lure victims into clicking on content that targets their fears or prejudices, and then spreads malware onto their devices. As the public becomes more aware of the dangers of phishing, harder-to-detect malvertising campaigns are becoming an increasingly popular method of spreading malware.
Countermeasures: Security and resiliency training
To effectively combat disinformation and social engineering, it is imperative that organizations invest in cybersecurity training. Employees should be trained to recognize potential attacks and to practice caution: treating every email, text, article or ad as a potential threat; verifying the authenticity of the sources from which the content comes; avoiding clicking on links or opening attachments without thinking; and questioning any communication that attempts to create a sense of urgency or manipulate emotions. To mitigate the risk of employees unintentionally becoming an insider threat, you can use insider threat management tools that detect any suspicious activity. With a collective effort by individuals, organizations and governments, and by promoting critical thinking and digital literacy, we can hope to build a more informed and resilient society in the face of disinformation and its associated cybersecurity risks.
06/17/2023 11:09
Marco Verro