Originally published on Network World.
I went to speak to a 5th grade class about identity theft just the other day.
I quickly discovered that these kids were struggling with EXACTLY the same problems that most of us struggle with in our workplace and our personal lives. They were swimming in a sea of dubious information, not able to tell what was real and what was not, nor if they were being scammed or by who.
“Sometimes I’m gaming,” said one kid, “and someone asks ‘What’s your real name?’ and I’m like, why does he need to know?”
“I was on this chat board, and I could just tell this person was totally fake, but I didn’t know what to do.” said another kid.
The truth is, every day, in every possible way, we get bombarded with fake information. It doesn’t matter how old we are, or how smart we are, or whether we’re at home or at work. The world is full of falsity, whether it’s phishing, fake news, or some weirdo trying to learn more about us when we’re playing a video game.
Let me continue my point with a hypothetical. Let’s say this story landed in your inbox:
“Trump Slashes Federal Cybersecurity Budget”
In a move that caught many by surprise, President Donald Trump announced today that he was eliminating the office of the Federal CISO, repealing the Cybersecurity National Action Plan (CNAP), introduced just a year ago by President Obama, and dramatically reducing funding targeted to improving the IT infrastructure across many federal agencies.
“Our agencies can’t solve their security problems. Very sad. Time to outsource cybersecurity,” tweeted President Trump.
Is it phishing? Am I being tempted to click a link that will lead me to a website that will install malware on my computer and infect my network?
Is it “fake news”? Is it another attempt to undermine the legitimacy of Trump’s election and fool me into supporting some political agenda?
Or is it just random noise, cooked up by some click-hungry marketer eager to get page views?
In fact, it could be any, or all, of these. And if you’re sifting through the massive onslaught of information that we all sift through every single day—email, Facebook, LinkedIn—you just can’t always tell what is true or what should be trusted. And therein lies one of the central problems of our age.
The Search for Truth
At the end of our recent presidential election, when it became clear to everyone that fake news had become an existential problem for democracy, we saw all kinds of attempts to identify who was “responsible” for combatting this problem.
The truth is, we all are.
And we’ve seen people addressing their own professional communities with advice and tips on how they can resist the spread of fakery in their own domain, whether it’s librarians (IFLA) or tech leaders (Steve King) or even marketers (Nicola Brown).
The InfoSec Connection
Those of us in the information security community continue to do our part:
- Coders who create algorithms to identify and flag fake news
- White-hat hackers who penetrate networks to help strengthen them
- Engineers who train machines to identify anomalous network behavior so it can be isolated and examined
Readers will be able to identify many more.
If you’re responsible for running the security awareness program at your organization, you should revel in the company of those seeking to stop anyone who would steal our information and compromise our networks. If this age of fake news has any silver lining, it’s the renewed attention being paid to equipping all employees, all people, with the skills to navigate treacherous waters.
It’s a tricky world out there, and there are malicious actors seeking to distort and steal and control information, for all kinds of motives. We see time and time again that these attackers will come after you and your employees at home and at work. But there are also many of us—many of you—who in designing systems, monitoring networks, and educating employees are truly seeking the greater good.
So I say, in a world that sometimes seems a little dark, let’s all look for ways to shed a little light.