6 Reasons Why Disinformation is a Cybersecurity Risk

Many people conflate “misinformation” and “disinformation,” using these terms interchangeably. However, knowing the difference between these two terms helps plan your defense against online risks and protect your brand’s reputation. 

Misinformation is defined as “false information that is spread, regardless of intent to mislead.” Misinformation can be information that someone remembered incorrectly, misread, or repeated by mistake. Generally, there’s no malicious intent inherent in misinformation. 

Disinformation, on the other hand, is defined as “deliberately misleading or biased information; manipulated narrative or facts; propaganda.” Disinformation is knowingly spreading misinformation; it is commonly used in espionage to spread fake information, such as during the Cold War when the United States and the Soviet Union launched propaganda campaigns against one another. 

Today, disinformation can cause irreparable harm to your company. Here’s why disinformation is a cybersecurity risk, and what you can do to stop it. 

  1. Disinformation is cheap

As compared to ransomware, disinformation is an inexpensive way to launch an attack on a business. The rise of “disinformation as a service”, or DaaS, shows just how affordable it is to spread online misinformation. DaaS providers charge as little as $15 - $45 per 1,000-character article, plus an additional $65 to contact a media source that will spread the material. Launching a ransomware attack costs, on average, $1,000.

  1. Anyone can spread disinformation

One of the biggest risks of disinformation is that it can come from anywhere. “Bad actors — ranging from state-sponsored trolls to members of extremist groups to independent disinformation-service providers — can engage in all of these types of campaigns for reasons that range from greater notoriety to fee-for-service to ad revenue to secondary economic gain (e.g. product sales) to political and policy objectives,” wrote researchers in the Rutgers report, The Future Of Disinformation Operations and The Coming War On Brands

The rise of the internet means that online misinformation can come from anyone. Disinformation campaigns are no longer the primary concern of state actors: businesses face this cybersecurity threat from activists, extremists, conspiracy theorists, and trolls. 

  1. Disinformation spreads quickly 

Once a disinformation campaign has started, it’s hard to put a stop to it. A study by MIT in 2019 found that online misinformation spreads farther, faster and deeper than true facts. Their analysis found that false news reports are 70% more likely to be retweeted than true news stories and reach the first 1,500 people six times faster. 

Likewise, it can be difficult for internet users to identify true and false information; the study found that bots spread true and false information at the same rates. This indicates that real individuals are the ones spreading and amplifying fake news. Disinformation campaigns often hide among real news stories, so individuals often unwittingly play a part in spreading fake news. 

  1. Disinformation is not illegal

Another reason why disinformation presents a significant cybersecurity risk: it’s legal. There’s no law regulating the spread of false information. Search engines and social media platforms aren’t compelled to configure their algorithms to reduce the risk of disinformation. 

“That often means the consequences are minimal — as when specific individuals or accounts are banned from a platform,” wrote Axios. “Other times, the only cause for redress is legal action, such as a defamation lawsuit, and those can be time-consuming and expensive to pursue.” 

Disinformation can negatively impact your organization’s bottom line, and chasing after perpetrators of disinformation campaigns is often a costly, futile pursuit. 

  1. Disinformation is costly to companies

According to one estimate, disinformation costs the global economy $78 billion each year. As disinformation campaigns increasingly target the private sector, this cost is expected to rise: some estimates put the cost at closer to $100 billion. Deloitte estimates that a low-end cyberattack could return around $25,000, by comparison. 

Disinformation campaigns are hard to recover from. For example, Comet Ping Pong, a pizza restaurant in Washington, DC, is still facing protests and picketing five years after an online disinformation campaign claimed (falsely) that the restaurant was involved in a child trafficking ring. Furniture company Wayfair contends with dozens of new videos that continue to be posted, year after year, that perpetuate a separate fake story about child trafficking. These stories continually damage brand trust and hinder growth. 

  1. Disinformation is tied to e-commerce

The pandemic has caused more consumers to rely on e-commerce, and with this shift comes a new way to spread online misinformation. E-commerce has made disinformation more of a cybersecurity risk, deceiving shoppers into funding extremist groups or conspiracy theories they may not be aware of. 

“Author Patrick Jones says that while sites have scrubbed obvious items such as QAnon-emblazoned wear, clever marketers are sneaking through what appear to be unobjectionable messages and conflating them with conspiratorial totems or shibboleths,” wrote International Security Journal. “For example, according to Jones, QAnon sellers use ‘#savethechildren’ or ‘saveourchildren’ on clothing, decals, cups and other items as a sly reference to their belief that high-ranking Democrats and celebrities traffic children. Figuring out whether a seller is involved with QAnon or is simply decrying the general practice of child trafficking, is difficult.” 

E-commerce algorithms can also be co-opted into recommending products that have darker meaning. Brands must be diligent about monitoring their brand mentions to identify and address misinformation and disinformation spread by algorithms or influencers. 

How to combat this cybersecurity risk

Unfortunately, because disinformation is so prevalent, it’s difficult to combat this potent cybersecurity risk. Rather than try to completely eliminate online misinformation, brands should seek to monitor mentions of their company and create a response plan when disinformation campaigns appear. 

To support the fight against disinformation, PeakMetrics offers a machine learning platform with the tools you need to detect online disinformation campaigns at scale and respond appropriately. PeakMetrics monitors the entire digital media environment: from traditional news media sources to TV/radio, podcasts, and social media, including Twitter, YouTube, Instagram, and Reddit. When disinformation campaigns appear, you’ll get an early alert that can help you respond in real-time and prevent lasting brand damage. 

We’re also partnering with NewsGuard to provide a way for our clients to filter, sort, and discover mentions of a brand or topic based on NewsGuard’s credibility ratings and metadata for more than 7,500 news and information websites. This provides the ability for clients to see whether their brand or competitors appear on credible news sources or on misinformation websites.

To learn more about PeakMetrics’ tools, request a demo with one of our experts. 

Featured image source: https://unsplash.com/photos/34zq7tzqRSw

Sign up for our newsletter

Get the latest updates and publishings from the PeakMetrics investigations team.