Facebook and Twitter have been talking a lot about fake news recently.
And so have a lot of other people. Depending upon who you read, and who you believe, fake news played a major role in the recent presidential election. But fake news isn't limited to politics. Fake news, and its relatives, are some of the most vexing types of external cyber attacks facing corporations, institutions and enterprises.
“Fake news” can originate practically anywhere on the Internet -- through tweets, posts, blogs, wikis, discussion forums, chats, podcasts, digital images, video, audio files, advertisements and more. There are even official "citizen journalist" sides like CNN's iReport or reddit, where end-users can directly publish their views, or their content, without fact-checking, editing, or any other kind of content-curation.
This un-proctored, un-curated, un-fact-checked content creates a nightmare for enterprises. These are content-based cyber attacks that don’t touch company infrastructure at all. They exist completely outside the firewall, beyond the traditional perimeter. But even without touching the targeted company directly these attacks can have huge impacts on a company’s revenues, operations, and reputations....A few recent examples:
In October 2013, a press release appeared announcing that Fingerprint Cards, a publicly traded Swedish firm (FING-B.ST), was going to be acquired by Samsung. In just minutes, the company saw its stock price soar, and its book value climb by over 30 percent. The story was debunked – it was fake news. There was no impending acquisition. ,
Last year, Avon products were targeted in a similar stock manipulation scheme and just a few days ago, in early November 2016, FitBit saw its stock jump as a result of the very same kind of scam.
In another variation of a fake news attack, fraudsters launch stories announcing the untimely death or injury of a key corporate executive. One of the most prominent of these exploits occurred in 2009, when a CNN site reported that AT&T CEO Randall Stephenson was "found dead in his multimillion dollar beachfront mansion" under very questionable and compromising circumstances.
In cases like these, market controls usually stop the trading of these issues quickly, but market controls don't stop all trading. And news like this doesn’t only influence the stock price of the attacked company, it also impacts the stock prices of key partners and suppliers.
These cyber attacks are profitable, for the bad guys.
Realistically, only one organization is in place who has the expertise and the mind-set to deal with attacks like these in real time – the security department. Security teams are accustomed to the rigors of real time monitoring and continuous threat evaluation. But while most security teams know the ins and outs of full-time monitoring, the kind of monitoring that is required to defend against false news, or content-centric attacks is quite different from the kinds of network and firewall-centric monitoring that security departments customarily perform.
In fact, in a research report commissioned by BrandProtect, and conducted by the Ponemon Institute, over 500 enterprises were asked to evaluate their security maturity when it came to these kinds of external threats.
While there was consistent awareness across security departs of the exposure of companies to these kinds of Internet-based threats, few companies have a formal process in place to monitor for potentially harmful online activities and statements. In fact, almost 40 percent of companies surveyed DID NOT monitor the Internet at all. Only 17 percent of the security professionals polled say they have a formal external threat monitoring and escalation process in place that is applied consistently across their companies. Most companies still deal with these threats in an ad hoc, reactionary way.
This is a shocking result in today’s threat environment.
As soon as possible, certainly during the first part of 2017, enterprises should conduct a thorough external threat audit. Basically, this effort provides the enterprise with an understanding of how much their enterprise, their executives, their key brands, and their other key assets and initiatives are being discussed by third parties online. This audit should extend across all external threat sources, not just social networks, blog sites, wikis, discussion forums, and video sites, but also mobile app stores, online marketplaces, and domains.
Content-centric cyber attacks will not be going away any time soon. Fake news about M&A activity, clinical trials, product announcements, plant closings, earnings, executive appointment, product delays, partnerships, or headcount reductions might take only minutes to debunk, but can impact revenues, operations and business reputations for weeks.
Only by proactively and constantly monitoring the Internet for unauthorized, fraudulent or just plain fake postings, announcements, and stories, can an enterprise protect its most important assets from devastating damage.