How disinformation creates insider threats

Employees who believe disinformation are more susceptible to social engineering and phishing campaigns, and attackers know it.

Insider threats  >  Employees suspiciously peering over cubicle walls
Thinkstock

As we enter quarter four of 2021, the idea of disinformation as a cyber threat probably hasn’t percolated to the forefront of concerns of many CISOs. Indeed, a Venn diagram would show no overlap of “disinformation” with the words “CISO” or “cyber threat,” especially in the United States. Yet there is a significant overlap here, and CISOs will be well served to get ahead of the curve.

A few companies have identified disinformation as a threat. Recorded Future CSO Gavin Reid notes how some activist CEOs are taking steps to address the politicization of disinformation, as companies look to third parties to better understand how to counter the arrival of disinformation pointed at their entity or influencing employee actions.

CISO’s challenge re disinformation

This perspective is shared by Armaan Mahbod, director, counter insider threat, security and business intelligence at DTEX Systems. “The sharing of disinformation/ misinformation happens all the time, whether or not there are positive or negative intentions and outcomes behind the act,” he says. “It’s challenging for executives and organizations to refute the information because oftentimes they don’t have visibility into what even might be being shared, so they’re unaware that there’s a need for a response.”

“On top of a lack of visibility, many organizational leaders are struggling to answer basic questions about their business and their team as it is, including: Who are my employees and where are they? How does my business actually function? How active is business (i.e., regionally, departmentally, etc.)? On top of the thousand other more nuanced and granular questions surrounding companies that play into an org’s overall cybersecurity posture,” Mahbod continues.

To continue reading this article register now

Microsoft's very bad year for security: A timeline