An insider threat risk or vulnerability assessment often begins with a question: “What, if any, threats exist that could potentially lead to problems in the workplace?” Focusing immediately on technical factors such as information technology and physical security threats can be easy.
However, bad actors also exploit the polluted information landscape. The use of mis-, dis- and malinformation (MDM) can manipulate public opinion and undermine our trust in institutions.
Employees who lose faith in public institutions may act out destructively or be manipulated to act out. They may also inadvertently harm an organization by acting on faulty information. Security professionals should be aware of how MDM can threaten their organizations and how strengthening their people’s ability to analyze and evaluate information can act as a critical defense.
Strengthening our analytic capabilities helps us develop resistance to MDM and develop cognitive immunity. Building our cognitive immunity allows us to: make inferences and draw conclusions based on the evidence presented, assess the potential for misleading information, and better identify false information.
What Are Misinformation, Disinformation, and Malinformation?
MDM are forms of information disorder and are defined by intent and motivation. According to the Cybersecurity and Infrastructure Security Agency:
- Misinformation is false information that was not created with the intent to cause harm. It is the result of poor fact-checking, inadvertent errors, or cognitive biases (for example, someone posting a negative product review because they misread the user manual).
- Disinformation is false information that was deliberately created to mislead, harm, or manipulate (for example, bad actors using digitally altered videos, commonly referred to as “deepfakes,” to spread false information).
- Malinformation is the use of accurate information out of context to mislead or harm (for example, a political advertisement that quotes an opposing candidate out of context to make it seem she holds unpopular beliefs). It may be the hardest to detect and potentially the most damaging. Malinformation may be as simple as a misleading headline in a social media post that colors the opinion of a noncritical reader or as complex as a propaganda campaign by a hostile government.
Regardless of intent and motivation, the impact of each of these can be equally damaging, particularly because this type of information can spread quickly and is often compelling. For more information on how we can recognize and avoid spreading MDM, read the Threat Lab’s BLUF Volume 2, Issue 8 and Issue 9.
Fostering Critical Thinking
The ability to spot and respond to manipulative information begins with critical thinking skills (for example, evaluating the merits of an argument and the evidence provided to support the claims, the viewpoint behind the argument, and the logic of the argument).
Sometimes this might mean collecting additional facts, checking on what experts say, exploring opposing viewpoints, or pausing to think before taking action. These skills are essential in reducing vulnerability to various types of risks, including social engineering, solicitation by foreign or domestic adversaries, and information designed to cause harm.
To learn more about the benefits of critical thinking, training scenarios, and more, visit the CDSE.
Building Media Literacy
Media literacy involves the ability to analyze various forms of persuasive media for accuracy and credibility. Think of it as critical thinking about the media, whether it be a cable news program, radio report, an internet article, or social media post. Regardless of form, media are created or authored by people with a point of view.
As consumers, we must ask: “Who created this, and for what purpose?”; “What beliefs (not facts) are used to support this media piece?”; and “What is being done to influence me emotionally, visually, logically, culturally, etc.?” The ability to discern if information is, or is not, correct and assess the influence of media messages on our thoughts is essential to effective cognitive immunity.
For more information on media literacy, see The Threat Lab’s upcoming issue of the Insider (available September 15, 2022; to be added to the distribution list, send your request to firstname.lastname@example.org). In the meantime, check out the Threat Lab’s BLUF on Deception Detection, Volume 3, Issue 1.
Challenging Cognitive Biases
A major obstacle to critical thinking is cognitive bias. MDM can intentionally play off our natural tendencies to misperceive the world. Cognitive biases are mental shortcuts that help us process information quickly but can result in errors in our thinking.
For instance, in-group bias often occurs subconsciously and results in individuals giving preferential treatment to people who share similar attributes, affiliations, or backgrounds.
Confirmation Bias occurs when individuals interpret information in such a way that it confirms existing beliefs. The Bandwagon Effect occurs when individuals accept new beliefs because more and more people are adopting them.
Also, Ambiguity Bias occurs when individuals choosing between two or more options select the one that seems most certain and least ambiguous. If we are not attuned to our tendencies to take these mental shortcuts, these biases can take our attention away from relevant risks and may affect our policies, practices, and mitigation strategies.
For individuals and organizations, the first step to challenging biases is to recognize we all have them. When making decisions, we should ask ourselves how potential biases about other people or ideas might interfere with our decisions.
Defending Against Social Engineering and Phishing
Social engineering is an example of malinformation put into action, because it often uses information known to the victim to make an interaction seem trustworthy, manipulating people to divulge information they otherwise would not have shared.
Social engineering techniques can range from cyber tactics (e.g., phishing attacks that use recognized commercial logos or normal-looking business requests and links to malicious software) to human interaction (e.g., impersonation of a network administrator or supervisor seeking credential information).
Organizations recognize the dangers of cyberattacks, and most require training and develop safeguards to make employees less vulnerable. Organizations should take similar steps to make employees resilient to the threat of MDM and build cognitive immunity. Organizations make better decisions when they are acting with the best information in the least biased ways.
Organizations also need to devote efforts to identifying and improving acceptance of reliable sources of information. Training employees to recognize MDM will lessen the risk of this potential avenue of insider threat.
Building Cognitive Immunity
To recap, building cognitive immunity has several benefits:
- It promotes a person’s ability to identify false information and to avoid promulgating it.
- It contributes to improved organizational policies and practices by enhancing the workforce’s knowledge of and response to MDM and encourages more accurate risk and vulnerability assessments.
For security professionals interested in learning more about and cultivating improved cognitive immunity, The Threat Lab’s upcoming Counter Insider Threat (C-InT) Social and Behavioral Sciences (SBS) Summit 2022 will focus on strategies to increase cognitive immunity as it relates to the counter-insider threat mission space.
One of the largest annual National Insider Threat Awareness Month (NITAM) events for the C-InT Community of Practice, the Summit raises awareness about the human side of the insider threat problem among practitioners, academics, and leaders around the world. The 2022 summit will promote strategies to increase cognitive immunity relevant to C-InT professionals’ efforts to detect, mitigate, and prevent concerning behavior.
To participate in this event either as a speaker or attendee, learn more at sbssummit.com.