Conspiracy theories have become incredibly popular with the ascendance of the\u00a0 internet and social media. They attract the disenfranchised and those who can\u2019t understand this rapidly changing world. They do so by providing communities to others that validate their feelings, and provide answers, no matter how untrue. This leads to cognitive dissonance, or the refusal of facts. Our role is to be those strong leaders who can overcome these challenges and change the perception of information security to address why this happens in the first place.What is a conspiracy theory?A conspiracy theory, according to Google, is a \u201cbelief that some covert, but influential, organization is responsible for a circumstance or event.\u201d\u00a0 Before the internet or mass communication, conspiracy theories were often dismissed or isolated. Starting with the advent of bulletin board systems and the internet, they now spread quickly.An example is the Oklahoma City bombing in 1995, which had all sorts of theories posited on the nascent internet of multiple conspirators, that other entities and people were helping the bombers\u2026including John Doe #2, who was theorized to be any number of people. The Columbine school shooting in 1999, where there were also theories of multiple conspirators outside the two gunmen, is another example.Modern examples \u2013 Art Bell, Alex Jones and Dr. Andrew WakefieldThe radio show Coast to Coast AM, which was hosted by the late Art Bell, was known as a show about the paranormal and conspiracy theories where people could offer their opinion without fear of ridicule and was broadcast late at night across the US. Bell\u2019s obituary on Talkers.com, discusses his distinguished career.Guests could include the distinguished theoretical physicist Dr. Michio Kaku, singer Crystal Gayle and the late Father Malachi Martin, an exorcist from the Catholic Church. There were no screeners like on other popular radio talk shows, and sometimes this led to very strange calls. One such hoax happened when someone claimed to be a former Area 51 employee that escaped and was forewarning about several upcoming disasters caused by beings from another dimension masquerading as extraterrestrials. That was followed by a still-unexplained 30-minute outage and was memorialized by the band Tool as the song \u201cFaaip de Oiad\u201d on their album Lateralus.A frequent guest was Alex Jones, who found a willing audience in Coast to Coast AM\u2019s and used it as a springboard to sell his products and radio show. While Art Bell was patient, allowed people their time and asked relevant and probing questions, Alex would associate everything with a series of conspiracy theories, and rant about the upcoming \u201cnew world order.\u201d His act is designed to convince his audience that there are shadowy organizations controlling everything, and that he can help them overcome the oppression of the new world order and the methods they are putting in place to control the population. This includes not believing anything the government tells you, that the people telling you what to believe are part of the new world order and everything is to be questioned.Alex Jones is only one of many conspiracy theorists who have found a willing audience. The former Dr. Andrew Wakefield, who was caught falsifying a study that directly correlates vaccination with autism, stoked the fires for the anti-vaccination movement. Believers now include a large amount of government officials at all levels. This is a gigantic refutation of science and the scientific method, and it doesn\u2019t take long to find people believing in these theories on Facebook.In several cases, this has caused real-world harm. One of Alex Jones\u2019 believers attacked a pizza shop in Washington, DC, with a gun because he heard children were being held there on his radio show. Others have relentlessly harassed the parents of the children who were murdered at Sandy Hook Elementary School, thinking that they were \u201ccrisis actors\u201d hired by the government to stage that massacre. Still others put up websites and commiserate online to discuss conspiracies and the \u201cevidence\u201d they have.How did we get here?What brought us to where seemingly more people than ever believe conspiracy theories? Technology has certainly played a role, having led us to a point where people feel more alone and isolated than ever. Many also feel like they\u2019ve been left alone without explanations for what has happened. There are feelings of uncertainty, lack of trust and anomia (better known as anomic aphasia), which is where people cannot find words to express names of common objects. Ted Goertzel from Rutgers University Camden covered this in his 1994 paper, "Belief in Conspiracy Theories."The transformation of society over the past 25 years since the ascent of the internet has been incredibly dramatic. While to many this may be normal, it\u2019s had the side effect of introducing significant change to the world. Old norms such as telephones, social gatherings and social interaction have permanently changed.Businesses have also completely changed, and entire categories of jobs have either been eliminated or altered due to increased computerization. This has led an entire segment of the population feeling left out and not able to keep up\u2026and that there\u2019s no one there to protect them. Conversely, formerly isolated communities, such as caregivers of special needs children and agoraphobics, now have homes on social media.At the same time, the internet has greatly expanded the reach of what were once generally considered fringe figures and effectively given them a megaphone. Platforms such as Facebook, Twitter, YouTube, Pinterest, WhatsApp, Telegram and Discord have eclipsed bulletin boards and message boards as the place to gather to learn information. We\u2019ve given people platforms to speak, and algorithms that find like content to keep them engaged. It\u2019s very easy to get people to fall down some quasi-intellectual rabbit hole.We\u2019ve left people susceptible to conspiracy theories because we\u2019ve built technology platforms to help people communicate but haven\u2019t addressed the root causes of communicating changes in this changed society. The past 25 years has, perhaps more than any other time in human history, seen rapid change. Many people don\u2019t understand the new acronyms, methods of accomplishing tasks, computers, the internet, cloud computing, or online shopping. Many more see their local shopping centers and downtown districts \u2013 often with stores such as Sears, JC Penney or K-Mart that have been there for 50+ years \u2013 suddenly close. People are out of jobs. They get healthcare and don\u2019t understand how to deal with managed care, explanations of benefits or other information.The world has changed, and adaptation is very complex for many, especially when there\u2019s no guide. This leaves people angry, alone, frustrated and searching for an explanation or an answer as to why they\u2019re in the situation they\u2019re in. Conversely, some are so tied into the online worlds they\u2019ve been sucked into that they don\u2019t understand the social mores of the world outside of the computer.There are always online communities that are welcoming, and while they cannot provide a rational, or even sensible explanation, they do provide a sense of belonging to those that feel isolated. They provide certitude and validation for their feelings and allow them to express anger. Many facilitate keeping them angry, and the engagement algorithms in social media help this significantly. They are dominated by strong personalities and leaders that take these people searching for answers and give them an explanation, no matter how far-fetched.These communities substitute for what regular communities did before the advent of technology and provide islands of salvation in a sea of unknowing. The leaders provide fulfillment and acknowledgement that others do not.What are the effects?This, however, leaves them very susceptible to manipulation. These are mainly isolated people, and sometimes so desperate for human contact and validation that they will do anything to fit in and feel good. They believe strong leaders and want to be seen and recognized as good by them. They are fearful of doing wrong and feeling left behind and left out because of it. These people will ignore common sense, social mores and the inhibitors to susceptibility to continue to be a part of the community.Social media has given the illusion that successful people do nothing wrong and live perfect lives, and this further marginalizes those who are already feeling isolated. Dehumanizing terms used by leaders and community members reduce those who do not share in the same world views as characters in a video game to be eliminated, or otherwise less than human.As they believe they have been marginalized, dehumanized and felt like they have been usurped and had their voices removed, they seek to do the same to those pointed out as the conspirators against them. They want to feel validated, and that their views are validated. They see any opposition to the strong leader as an attack against someone who acknowledges them. These actions, however reprehensible they may be, serve in a way to empower and validate both the leader and them.This has caused many attacks, both virtual and physical, on those who do not believe what the strong personalities and leaders say. We see this with numerous message board and comments section attacks and spam on opposing viewpoints. Memes, trolling, posting as a denial of service, posting offensive content and other attacks on others in social media are also consequences. We also see personal attacks such as \u201cdoxing\u201d on people where they are attacked and harassed with the intent of causing harm to their personal lives. Charlottesville, unfortunately, was also a consequence of this behavior.This is cognitive dissonance. Despite evidence to the contrary, people will believe what the leaders say no matter what the facts are. This is now personal. You are removing their validation and empowerment as people for their circumstances when you do. Any efforts to combat them with facts will result in further retrenchment.Keeping these people angry is also a good cash stream. We\u2019ve discussed in the past how angry people buy more. Keeping people in a vision where they are on their own, the government will not help and if they want help, they should buy products and services recommended by the leaders to help them feel safe and assured, is good business. Alex Jones, according to NY Magazine, made between $15 to $25 million over a two-year period between 2015 and 2017 selling nutritional supplements that were described by Labdoor, an independent testing lab in San Francisco, as being more expensive and less effective than the vitamins you can buy in any pharmacy.What does this have to do with information security?\u00a0Information security is a new field. Despite organizations like Citi and Cigna having people in security leader roles for many years, we are part of the change. Many of our customers don\u2019t understand technology. They don\u2019t understand security. They believe that technology is usurping their lives. There\u2019s a lot of suspicion around technology and our teams. Our customers do not feel they are being listened to or validated. They do not believe that security has their best interests at heart. Often, security practitioners are viewed as having a \u201cshoot first, ask questions later\u201d mentality by the very people we\u2019re trying to help. One only needs to look on Twitter to see the vitriol and anger heaped upon members of the community \u2013 often by fellow members, especially against women and minorities \u2013 for proof.Tech, in general, has been characterized as being condescending and arrogant to end users. Customers don\u2019t feel like they\u2019re being listened to. They don\u2019t have explanations for what processes are, and often we discount what they say and minimize their opinions. This causes people to search for communities that are more welcome and open, even if they say things that aren\u2019t factual. People want to feel welcome, validated, recognized and communicated with.When you combine this with the alphabet soup of acronyms we throw at them, the processes they may not be aware of, lack of uncertainty customers have with technology and rapid evolution of change, security is the least of their worries, and certainly isn\u2019t top of mind.Customers and users aren\u2019t going to approach you if you don\u2019t address these issues. They\u2019re going to approach the welcoming communities that validate them. Even if they sell them snake oil or give them bad advice, it\u2019s coming from a source more trusted than you are.Many times, this comes from salespeople who are willing to listen and provide advice and products, even if they\u2019re bogus. They can appear to address needs, even if they don\u2019t. The billions spent on security software and services that don\u2019t work are direct evidence of this. No matter what, if you aren\u2019t listening or you\u2019re being arrogant \u2013 even if you\u2019re right \u2013 you\u2019re not going to be believed.Your customers aren\u2019t going to trust you simply because you know what you\u2019re talking about, or what you\u2019ve done in your past. They\u2019re going to trust the team or leader that\u2019s willing to listen to them, validate their concerns, empower them and explain what\u2019s going on. This isn\u2019t once-a-year training or an engagement campaign. You need to have continual engagement with your customers and answer their questions. You need to deliver regularly and be visible as someone willing to be part of their community and answering their questions. Your team needs to reflect those values.How do we fix this?There is no quick fix for addressing the issues of people feeling marginalized, disengaged and willing to believe conspiracy theories above facts. They believe them because of an absence of engagement, lack of communication and uncertainty. They\u2019re looking for people to be leaders and anchors who are willing to stand up for them, help them understand this strange new world and help them feel fulfilled and accomplished. It takes time and engagement to build that trust. It takes going outside of yourself and being that strong person, even if you don\u2019t believe it yourself.The numerous examples of toxicity in the tech community contribute significantly to imposter syndrome, where many people minimize or doubt their accomplishments and fear being exposed as a fraud. Melody Wilding, in her article, \u201c5 different types of imposter syndrome (and 5 ways to battle each one), discusses a type of imposter syndrome called \u201cThe superwoman\/man,\u201d which is where people are convinced they are phonies among their real-deal colleagues, causing them to work harder than everyone else to convince they can measure up. The constant barrages of insults and attacks on credibility against members of the security community are evidence this is an issue we have to address.The most important takeaway from her article is that no one should have more power to make you feel good about yourself than you. While the tech community is full of toxic people, don\u2019t stoop to their level. Be that strong person for others. Don\u2019t give in to hatred and toxicity. Build that trust and engagement and communicate better. Be the tech person you wish you had in your life, instead of the arrogant know-it-alls who blow off people and are not empathetic. Being strong, confident and willing to explain yourself to others isn\u2019t being weak or an imposter. It\u2019s helping bridge the gap that causes people to believe conspiracy theories and brings both yourself and them to a better place.