In the Darkness of Fake News and Phishing, It’s Our Job to Shed a Little Light

On: May 8, 2017
In the darkness of fake news and phishing, it’s our job to shed a little light and equip employees with the skills to navigate treacherous waters.

Originally published on Network World.

I went to speak to a 5th grade class about identity theft just the other day.

I quickly discovered that these kids were struggling with EXACTLY the same problems that most of us struggle with in our workplace and our personal lives. They were swimming in a sea of dubious information, unable to tell what was real and what was not, or whether they were being scammed and by whom.

“Sometimes I’m gaming,” said one kid, “and someone asks ‘What’s your real name?’ and I’m like, why does he need to know?”

“I was on this chat board, and I could just tell this person was totally fake, but I didn’t know what to do,” said another kid.

The truth is, every day, in every possible way, we get bombarded with fake information. It doesn’t matter how old we are, or how smart we are, or whether we’re at home or at work. The world is full of falsity, whether it’s phishing, fake news, or some weirdo trying to learn more about us when we’re playing a video game.

Let me continue my point with a hypothetical. Let’s say this story landed in your inbox:

“Trump Slashes Federal Cybersecurity Budget”

In a move that caught many by surprise, President Donald Trump announced today that he was eliminating the office of the Federal CISO, repealing the Cybersecurity National Action Plan (CNAP), introduced just a year ago by President Obama, and dramatically reducing funding targeted to improving the IT infrastructure across many federal agencies.

“Our agencies can’t solve their security problems. Very sad. Time to outsource cybersecurity,” tweeted President Trump.

Is it phishing? Am I being tempted to click a link that will lead me to a website that will install malware on my computer and infect my network?

Is it “fake news”? Is it another attempt to undermine the legitimacy of Trump’s election and fool me into supporting some political agenda?

Or is it just random noise, cooked up by some click-hungry marketer eager to get page views?

In fact, it could be any, or all, of these. And if you’re sifting through the massive onslaught of information that we all sift through every single day—email, Facebook, LinkedIn—you just can’t always tell what is true or what should be trusted. And therein lies one of the central problems of our age.

The Search for Truth

At the end of our recent presidential election, when it became clear to everyone that fake news had become an existential problem for democracy, we saw all kinds of attempts to identify who was “responsible” for combatting this problem.

The truth is, we all are.

The folks at Google and Facebook have both stepped up to the plate recently with plans to help users identify and resist fake news (for coverage, see here and here and here).

Educators have also weighed in, with professors at the University of Washington and the University of Michigan offering classes in how to develop better BS detectors.

And we’ve seen people addressing their own professional communities with advice and tips on how they can resist the spread of fakery in their own domain, whether it’s librarians (IFLA) or tech leaders (Steve King) or even marketers (Nicola Brown).

The InfoSec Connection

Those of us in the information security community continue to do our part:

  • Coders who create algorithms to identify and flag fake news
  • White-hat hackers who penetrate networks to help strengthen them
  • Engineers who train machines to identify anomalous network behavior so it can be isolated and examined

Readers will be able to identify many more.

If you’re responsible for running the security awareness program at your organization, you should revel in the company of those seeking to stop anyone who would steal our information and compromise our networks. If this age of fake news has any silver lining, it’s the renewed attention being paid to equipping all employees, all people, with the skills to navigate treacherous waters.

It’s a tricky world out there, and there are malicious actors seeking to distort and steal and control information, for all kinds of motives. We see time and time again that these attackers will come after you and your employees at home and at work. But there are also many of us—many of you—who in designing systems, monitoring networks, and educating employees are truly seeking the greater good.

So I say, in a world that sometimes seems a little dark, let’s all look for ways to shed a little light.
