Cybersecurity teams are traditionally tasked with keeping bad actors out of company networks and cloud infrastructure. But social media campaigns designed to spread false information about companies is a growing issue and will soon be a top-level concern for security professionals and executives in every industry.
In fact, one of the major trends of 2021 (and beyond) will be the rise in misinformation campaigns to help drive up the costs of ransomware payments and, in some cases, influence markets to manipulate stock prices. Large multinationals and big companies with high-profile brand reputations on the line will be hardest hit since bad actors target them as prime sources for the extortion of money.
These attacks will be a major concern for chief security officers (CSOs) and chief information security officers (CISOs), especially as such efforts are combined with continued increased sophistication of ransomware attacks and the increased reliance on ransomware by crime organizations as a source of revenue .
Even teams not typically involved in cybersecurity – such as marketing and public relations – will play a larger role in helping monitor this risk to their companies.
With misinformation on the rise, here are a few things security leaders and their teams can start doing today to prepare themselves and protect their respective organizations:
- Step up internal communications and monitoring of social media – Having a trusted communications team is key. Marketing and public relations teams or a designated Security Operations Center (SOC) should monitor social media and other outlets to see what is being said about their organizations. There are also third-party services that can handle this task if your enterprise can’t carry this load.
- Plan for bad events - Involve your communications teams in incident response drills and preparation. Do the messages that the security team (and legal) wants to communicate mirror what they are putting out to reporters in the form of press releases and official media statements? By preparing messaging before bad events, you have time to ensure the right message is shared both internally and externally.
- Create protection strategies centered around sentiment tracking and dark web monitoring - While many prefer to ignore the dark web, it is vital to know what is being said about your organization. Consider a wide variety of data gathering techniques — including chat room monitoring, crawling/scraping and forum extraction. Again, third parties can be leveraged here if your enterprise doesn’t have the resources.
- Back up your data – Assured and current backups are often neglected areas of cyber defense, but they are essential to combatting ransomware attacks.
While these recommendations will not halt misinformation campaigns, they will make sure your organization is prepared if and when those bad actors do strike. Smart organizations will anticipate, prepare for and get out ahead of misinformation campaigns before they happen.