What began as memes and a way for scammers to drive ad revenue via clickbait has morphed and expanded into almost every area of our lives. Misinformation, disinformation, malinformation (MDM), and a host of other terms used so loosely are now co-opted for nefarious use, and some have lost their meaning almost entirely.
Understanding the nuances of MDM is an essential first step for those practicing or developing a practice around information-driven threats. Misinformation is the unintentional spread of disinformation. The person disseminating the content believes it is true. Disinformation, on the other hand, is fabricated and purpose-built for deception by the creator, who is often driven by profiteering, influence or polarization. Malinformation is any information that is disseminated to cause harm, such as leaking user password databases. These threats have become so severe they are now considered by experts as adjacent to cyberattacks.
Globalization has created an environment where borders, economies and communications are on a level playing field. This democratization has many positives, but it has also proven equally beneficial to adversaries who know how to use this against opponents. Non-state actors are empowered, decentralized armies in this new era of gamified conflict that attacks human perception online and offline, while state actors are able to infiltrate nation-states through their own citizens. This is key to the future of conflict and information warfare; a signifier to global and enterprise organizations of what is to come.
Currently, $78 billion is lost annually to private firms due to disinformation, and 87% of executives say the spread of disinformation is one of the greatest reputational risks for businesses today. Additionally, 88% of investors consider disinformation attacks on corporations as a serious issue.
The number and types of threat actors are growing: hackers, hacktivists, disgruntled employees and Disinformation as a Service (DaaS) offerings are all among today’s bad actors. DaaS companies utilize tactics to seed and spread targeted narratives. Their main approach is to share disinformation with high-engagement social media influencers (also known as superspreaders) who then push this through their networks. In May 2021 several influencers with followings in the hundreds of thousands were contacted by London-based public relations agency Fazze asking them to promote misleading messaging about Pfizer-BioNTech’s COVID-19 vaccine for their client. To further create chaos and confusion, these types of companies also craft and publish misleading articles in the news, seed fabricated narratives on social media, build fake social media accounts, and create deepfakes.
This is where cybersecurity and information operations and their associated risks intersect and need to be a high priority for all organizations. Planning for known and unknown threats as part of an information warfare playbook is one of the best investments an organization can invest in today.
Present-day monitoring tools are not built to solve this exceptionally global problem. While the volume-based statistics they collect are still important criteria when assessing content amplification and reach, they’re limited in providing deeper mis- and disinformation insights. Risk and communications teams need to be able to identify MDM before it surfaces and know what to do with the information as part of their security strategy.
Threat actors have developed tools and tactics to hijack communications in novel and complex ways, while frequently evolving to avoid detection and simultaneously exploit trends and events. This generates a constant state of confusion. When every online attack feels like an emergency, it’s difficult to identify or prioritize which battle to fight first. Organizations often lack sufficient toolsets and knowledge to effectively identify root sources of information-based threats.
To compete against these MDM threat actors organizations, must reevaluate their information security posture to meet the challenges of an entirely new class of information-based risks.
Evaluating current approaches to better understand where we remain exposed, how we must evolve, and what actions need to be taken will enable organizations to identify opportunities to lean into informed and positive momentum wherever possible. If corporations have the ability to challenge deeply polarizing and hostile information challenges at the source, it means more possibilities to move from a reactive to a proactive state. As adversaries evolve, so must corporate capabilities, investment and leadership teams.