While ransomware and BGP have been prominent in recent headlines, we wanted to take a step back and focus on some basic steps that individuals can follow to combat one of the favorite tools in a nation-state threat actor’s toolbox: disinformation. SynSaber CEO Jori VanAntwerp shares tips for fighting misinformation, disinformation, and FUD-based manipulation (FUD: Fear, Uncertainty, and Doubt).
October has been designated “Cybersecurity Awareness Month” by CISA (Cybersecurity & Infrastructure Security Agency) and NCSA (National Cyber Security Alliance), with themed topics each week. Awareness is vitally important, and while I’m grateful that we have a full month dedicated to the industry, I chuckle each October because, for those of us in the field, there isn’t a day that goes by where we don’t think (and cry, and curse) about cybersecurity.
This week’s theme is: “Be Cyber Smart: Take simple actions to keep our digital lives secure.” I’m going to approach this theme very tangentially, from an angle that I’m passionate about – recognizing and fighting misinformation. Information is often our most valuable resource, and it’s one of the reasons we founded SynSaber – to provide a full view of information in OT environments.
It’s critical that the information we take in as individual consumers, and that we share with others and allow to shape our views, be as accurate as possible. I frequently discuss this topic with friends and family members, and have boiled down some of that advice into 5 helpful tips for battling misinformation.
#1. Beware the dreaded algorithms
Our hyper-vigilance causes cybersecurity practitioners to be keenly aware of potential threats, but we’re not immune to the basic human nature that causes us to be swayed by misinformation and FUD. It’s a constant battle to fight the urge to doomscroll, and algorithms on search and social media sites feed on and perpetuate that tendency. From Psychology Today: “Our digital information, from Google searches to social media news feeds, is a self-fulfilling prophecy since our behavior influences the algorithms that curate what we see.”
We feed the algorithms based on our search behavior, online activities, and biases, and the algorithms feed us the equivalent of an echo chamber in a filter bubble with tunnel vision. The dangers of algorithmically provided content have been widely discussed in recent stories surrounding the Facebook whistleblower, Frances Haugen. From Ars Technica: “Documents that Haugen collected from Facebook show that engagement-based ranking algorithms prioritize divisive and extreme content on the platform.”
The first step in breaking the cycle is realizing that the cycle exists, and being cognizant of the impact that algorithms have on what you see online. I personally try to avoid them whenever possible (see tip #2), and when I can’t avoid them, I purposely confuse them through obfuscation.
#2. Anonymize, anonymize & also anonymize
Side-step trackers and algorithm-influenced results with anonymized browsing and search. I personally use the magic elixir of VPN + a privacy-friendly browser. Whether using Tor, Firefox, Brave, DuckDuckGo, or another tool, there are many ways you can anonymize your online activity.
When talking to a friend or family member about echo chambers and the importance of online privacy, I like to show them what happens when we each do a search with the same exact wording on our own devices. This shows them a concrete example of how the same search can result in two completely different outcomes.
One word of warning – you may be shocked by how many websites completely break when the option to track you or serve you ads is removed. But at least you’ll know how they REALLY feel about you and your privacy.
#3. Identify the FUD
Be cautious of words and phrases that focus on FUD or excessive hyperbole. Some examples of things to be on the lookout for, particularly as they relate to cybersecurity headlines:
- Cyberwar / Cyberwarfare
- Cyber-Pearl Harbor
- Kill chain
Seeing one or more of these terms in a headline shouldn’t automatically indicate that a story contains misinformation, but they should induce a mental red flag that lets you know additional research is warranted.
#4. Look at it from all angles
One of the most important pieces of advice that I offer friends or family to help them battle misinformation and disinformation (disinformation being misinformation that is created to be purposefully deceptive), is to make sure they consistently check multiple sources any time they want to learn about a story. Because stories are written by humans and humans have intrinsic bias, it’s impossible to get a clear picture or complete “truth” from a single news source.
When I’m analyzing a story, I read through multiple articles covering the topic from publications with varying political leanings to try and minimize the amount of bias and get a fuller picture from all angles. The Ad Fontes Media Bias Chart is far from perfect, but can be a helpful tool for understanding what angle a news story might be coming from, as well as a means for finding alternate reference sources outside of your own leanings (which are helpful to review in order to minimize your personal bias).
#5. Zero Trust – it’s not just for security models
Apply the theory of Zero Trust to news analysis: even if a publication or reporter has been historically trustworthy, that doesn’t mean they should be intrinsically and automatically trusted in the future. This is especially relevant on social media sites, where misinformation can spread like wildfire (often by those with no ill intentions) merely because people don’t take the time to verify sources. From Fraser Hall Library: “Never share a post on social media without fact checking. This is especially true if it comes from a source you trust. If you want to spread truth, you need to assume that other people aren’t perfect and may make mistakes.”
I have a friend who is raising three extremely intelligent and independent young women, and he constantly reminds them, “Question everything, even if it’s something I tell you.” I think that’s excellent advice, especially in a time when it’s so easy for misinformation to spread rapidly. Lastly, remember that if you are not paying for a service, tool, or software, YOU are the product.
~Jori 🤘 ⚔️
Here are a few other interesting reads that are related to this topic:
- Dark Reading article on nation-state motivations for propagating disinformation
- RAND Corporation’s list of tools that fight disinformation online
- Resilience Series Graphic Novels from CISA