While not new, asymmetric warfare – in which a force employs proxy battles, disinformation campaigns, and other nontraditional and thus unpredictable tactics – remains a potent cyber weapon that many business leaders need to understand. However, David Masson, Director of Enterprise Security, Darktrace, says engaging bad actors in today’s cutthroat field of battle calls for another perhaps less obvious element.
“This is not a traditional, binary sort of war where it’s clear who your enemy is and what they’re doing or going to do,” he said. “There is great power in knowing not only who you’re up against but also yourself.”
One has only to glance quickly at the headlines today to see the power of misinformation (mistakes) and disinformation (outright lies) – on both sides of the geopolitical aisle.
“Disinformation is everywhere. If you only have time to listen to soundbites or read headlines on social media, you could easily become a victim of this ongoing info-war.”
Perils of the Information Age
But misinformation and disinformation are not occurring only in geopolitics; these phenomena are also happening at organizations worldwide.
The birth and proliferation of disruptive new technologies like the internet and social media have brought enormous societal changes. Now, there are channels of communication that would have been the stuff of science-fiction novels a generation ago. Smart mobile devices have only accelerated things.
“All this progress and tech have made information not just a boon and blessing but also, unfortunately, a potential threat,” said Masson. “Half-truths spread like wildfire now, as do outright lies and unfounded rumours. Altogether, these bits of disinformation have the power to make it very difficult for people to discern fact from fiction.”
Our interconnectedness poses substantial communication challenges, especially when a crisis needs explanation.
When cyber-threats disrupt an organization, potentially impacting millions of people, critical information can get lost in this rampant misinformation and disinformation. Poor delivery and slick spin can alienate the audience, as can the apparent bewilderment of the leaders of the victim business. Consumers and trusted partners often suffer the pitfalls of poor delivery, misguiding messaging, and fear of reputational damage from organizational leadership.
Organizations can also be slow or hesitant to get information out to customers or impacted parties after experiencing a cyber incident, and this can sometimes give an impression of reluctance to say anything at all, which sows seeds of doubt.
Disinformation as Cover
Distributed denial of service (DDoS) attacks threaten any IT team. A sudden surge of internet traffic to a company’s public-facing web or application servers can bring the walls down very quickly. These are incredibly damaging attacks, particularly for online businesses – causing potentially millions of dollars in lost revenue for every hour of downtime.
As dangerous as DDoS attacks are, though, they can be the least of IT’s problems.
“A DDoS attack can actually be a cover for a much bigger thing,” said Masson. “You might have a bad actor getting your attention with a DDoS attack as they mount a bigger, stealthier, and even more destructive attack. Cases like these are classic illustrations of how threat actors can use a distraction.”
Need for Truth
At a time when information travels widely and rapidly, mistakes and untruths can proliferate; this can – and does – disrupt the flow of useful information. For companies that have suffered a cyber incident, this can mean the difference between a minor breach and a full-blown cyber-attack with the potential to disrupt business operations for hours, days, or even weeks.
In this kind of world, said Masson, people become alienated. They don’t trust you.
Too often, when disclosing a cyber incident, organizations do not adequately understand what exactly occurred. Official disclosure statements regularly betray the fear and uncertainty felt by executive leaders about the extent of cyber-attacks within their business’s digital infrastructure.
“Organizations must be able to detect, contain, investigate, and respond to cyber-threats at their earliest stages, giving them a complete picture of the impact,” said Masson. “This knowledge then feeds into and supports confident disclosure quickly after an incident occurs.”
Reliable and confident crisis communications that promptly offer precise and accurate information will drive home reassurance about the events of a cyber-incident and the steps a business is taking to remediate the attack and prevent further disruption.
“A failure to disclose, or disclose appropriately, won’t stop eventual disclosure,” said Masson. “But it won’t be on the organization’s terms; they won’t have control of the message.”
In this world of communication immediacy, businesses should have public disclosures as part of their cyber response plans and be ready to discuss the incident in the public domain as soon and as openly as possible.
Visibility and Communication
Darktrace’s Enterprise Immune System offers the power of knowledge – the power of having a clear view of not only your operations but also of how any breakdown occurred.
With artificial intelligence (AI) technology, companies can get a good read on what’s happening inside their digital infrastructure (both IT and OT) in real-time, adequately preparing them for eventual disclosure. “Because they want this deep understanding,” he said, “more and more companies are turning to self-learning AI.”
“Cyber-threats are both inevitable and unpredictable,” said Masson. “We offer total visibility across your entire operation, from your network to the tools you use to your various endpoints. Our Enterprise Immune System harnesses AI to help you understand your organization more deeply. With visibility of this kind and depth, you can anticipate more cyber-threats and communicate both internally and externally what went wrong – when something (inevitably) does go wrong.”