"Everybody gets so much information all day long that they lose their common sense," said Gertrude Stein. They say the more you know, the more empowered you are. But how much of what you know is entirely true? "Well, the Internet said so!" would be an ignorant statement to make this far into the 21st century. The majority of us have learned our lesson by now. We don't blindly believe everything the internet says. We're critical, we scrutinize, and we take in only what really makes sense to us; what we believe is closest to the truth. Yet, two out of seven people fall prey to disinformation every hour.
You believed the statistic, didn't you? It may seem convincing, but I just made it up. A classic example of disinformation.
Disinformation is spreading false or misleading information with the sole intent of manipulation. Newton Lee once said, "Information is power. Disinformation is abuse of power." Likewise, disinformation takes advantage of a person's innocence, interfering with their thought process. Misinformation, on the other hand, is disseminating false or misleading information without a deliberate intent to manipulate. This means that people who share misinformation often believe that the information they share is true.
Disinformation does not always mean putting out information that is completely wrong. Rather, the information promoted might actually be true but set in the wrong context. When we say context, it deals with questions like who it's coming from, where it's coming from, and when. If the information spread is totally false, it's easy to identify. Therefore, for disinformation to work as intended, it has to have a good percentage of truth in it. The end goal is not simply to get people to believe lies, but rather to get them to change their belief set.
More often than not, strategic disinformation is used in political propaganda. Using the media's massive reach, disinformation about a country's military strength, its relations with other countries, and opposing political parties is disseminated to subtly condition people's thinking to match a certain anticipated outcome.
In cybersecurity, a disinformation attack is quite similar to a cyberattack, with the only difference being the target. Disinformation attacks are aimed at exploiting a person's cognitive bias, while cyberattacks focus on disrupting computer infrastructure. Cyberattacks use traditional tools like viruses, malware, botnets, and Trojan horses Disinformation attacks use manipulating tools like misrepresented or misappropriated information, deepfakes,cheapfakes, and much more.
A phishing email is a great example of how disinformation threatens cybersecurity. An attacker who has been closely observing the email behavior of a company can create a fake yet convincingly similar email to get an employee to spill some sensitive company information. In most cases, the vulnerability of a business is chosen as an easy target to introduce disinformation attacks. Businesses have genuine problems. Nefarious disinformation actors identify those problems and cause people's notions to intensify around those problems. That is, they try to weaken the victim by speaking to their emotional appeal, and this is otherwise known as cognitive hacking.
Cognitive hacking, a type of social engineering aimed at a bigger audience, is an attack that manipulates people's perspectives by exploiting their intellectual vulnerabilities. A disinformation attack is a subset of cognitive hacking used to achieve the above purpose. It works by manipulating people with false information to break into cybersecurity systems, thereby gaining unauthorized access.
Over the last few years, cybersecurity has had a tremendous growth spurt. It no longer just deals with an enterprise's network security but also with safeguarding the values, brand, and reputation of the enterprise. We know that data breaches result in value loss. Likewise, data manipulation can also take a toll on a company's value and repute.
Consider this example of a cyber espionage technique, where an attacker creates fake news to hold ransom the influential individuals of a competitor company or to damage its reputation. Now, besides ruining the business’s reputation, the fake news will subconsciously instill a negative perception in people's minds about the company's cybersecurity capabilities. You can see why curbing cyber disinformation attacks is important when it comes to boosting cybersecurity.
We are living in an age of freedom of choice and voice. Needless to say, social media has given anyone and everyone living on this planet the power to “influence.” It is equally hard to differentiate between information and disinformation as it is to keep disinformation from spreading. The first step, however, is to recognize disinformation as a potential threat to cybersecurity. Educating people about the signs of disinformation is another crucial step. This way, they can discern real information from false information for themselves. Apart from these measures, a combined effort by governments, businesses, NGOs, and other entities is needed to create and implement standards of defense against disinformation.