We’re all responsible for combating fake news

I spoke to a 5^th grade class about identity theft the other day. I quickly discovered that these kids were struggling with EXACTLY the same problems most of us struggle with in our workplace and our personal lives. They were swimming in a sea of dubious information, not able to tell what was real and what was not, or if they were being scammed or by whom.

“Sometimes I’m gaming,” said one kid, “and someone asks ‘What’s your real name?’ and I’m like, why does he need to know?”

“I was on this chat board, and I could just tell this person was totally fake, but I didn’t know what to do,” said another kid.

+ Also on Network World: What fake news means for IT—and how IT security can help fight it +

The truth is, every day, in every possible way, we get bombarded with fake information. It doesn’t matter how old we are, how smart we are, whether we’re at home or at work. The world is full of falsity, whether it’s phishing, fake news or some weirdo trying to learn more about us when we’re playing a video game.

Let me continue my point with a hypothetical. Let’s say this story landed in your inbox:

“Trump Slashes Federal Cybersecurity Budget”

In a move that caught many by surprise, President Donald Trump announced today that he was eliminating the office of the Federal CISO, repealing the Cybersecurity National Action Plan (CNAP), introduced just a year ago by President Obama, and dramatically reducing funding targeted to improving the IT infrastructure across many federal agencies. 

“Our agencies can’t solve their security problems. Very sad. Time to outsource cybersecurity,” tweeted President Trump.

Is it phishing? Am I being tempted to click a link that will lead me to a website that will install malware on my computer and infect my network?

Is it “fake news”? Is it another attempt to undermine the legitimacy of Trump’s election and fool me into supporting some political agenda?

Or is it just random noise cooked up by some click-hungry marketer eager to get page views?

In fact, it could be any, or all, of these. And if you’re sifting through the massive onslaught of information that we all go through every single day—email, Facebook, LinkedIn—you can’t always tell what is true or what should be trusted. And therein lies one of the central problems of our age.

The Search for Truth

At the end of our recent Presidential election, when it became clear to everyone that fake news had become an existential problem for democracy, we saw all kinds of attempts to identify who was “responsible” for combating this problem.

The truth is, we all are.

The folks at Google and Facebook have both stepped up to the plate recently with plans to help users identify and resist fake news.

Educators have also weighed in, with professors at the University of Washington and the University of Michigan offering classes in how to develop better BS detectors.

And we’ve seen people addressing their own professional communities with advice and tips on how they can resist the spread of fakery in their own domain, whether it’s librarians (International Federation of Library Associations and Institutions), tech leaders (Steve King) or even marketers (Nicola Brown).

Fake news and the InfoSec connection

Those of us in the information security community continue to do our part—from the coders who create algorithms to identify and flag fake news, to the white-hat hackers who penetrate networks to help strengthen them, to the engineers who train machines to identify anomalous network behavior so it can be isolated and examined. (Readers will be able to identify many more.)

If you’re responsible for running the security awareness program at your organization, you should revel in the company of those seeking to stop anyone who would steal our information and compromise our networks. If this age of fake news has any silver lining, it’s the renewed attention being paid to equipping all employees, all people, with the skills to navigate treacherous waters.

It’s a tricky world out there, and there are malicious actors seeking to distort and steal and control information—for all kinds of motives. We see time and time again that these attackers will come after you and your employees at home and at work. But there are also many of us—many of you—who in designing systems, monitoring networks, and educating employees are truly seeking the greater good.

So, I say, in a world that sometimes seems a little dark, let’s all look for ways to shed a little light.