Fake News – Spoiler Alert: This Article Does Not Have All the Answers!
By Colin Fraser, Director at i-confidential
The 2020 EY Megatrends Report highlights the recent entry of cyber warfare into “a new domain altogether: disinformation”. However, it will be a long time before we have a standard for, and global rollout of, data provenance marking, which is probably key to enabling any sort of preventative controls. I recommend downloading the report.
In a world of fake news, augmented reality, and reality distortion, who in an organisation sets the strategy and owns the activities to protect against these new forms of integrity breach?
Imagine a video appearing where the CEO issues a profit warning, publicises a criminal investigation, or highlights an operational weakness in the organisation. And it’s fake, or five years old and out of context.
Has the organisation got a playbook for this? Is it part of the cyber incident management process? Have the key elements of information dissemination and public relations management been identified as critical business processes, or even been assessed as part of the risk management process?
Over the past 20 years, the Chief Information Security Officer has delivered the blueprint to protect against integrity breaches. This has focused on ensuring individual transactions cannot be altered and that accounting practices generate accurate financial reports. The objective has been to ensure that there is integrity within the organisation.
Question: is the same corporate officer also responsible for the blueprint which protects and defends against reality distortion (a new form of information integrity breach) generated externally? Probably not.
It’s time for organisations to make sure they have included “fake news” and the like as a threat in their resilience and cyber frameworks. They should also have identified the relevant business processes, allocated accountabilities, and updated their incident management playbook.
As the article title states, we don’t have all the answers. Going back to basics, however, is a good start. Allocate accountabilities, create your playbook, and run a test!