Fake News as an IT Security Threat

References to fake news has certainly increased over the last two years. What is fake news? According to Merriam-Webster, fake news is simply material reported by news sources that is false or counterfeit. As a result of people trusting the news source and author at face value, misinformation is consumed and acted upon and may lead to negative real-world consequences.

The primary challenge with fake news is that the Internet is viewed as a news source. Often there’s no practical difference in the appearance of a CNN news story and an individual’s blog, especially when viewed on a mobile phone. The low barrier-to-entry to become a news source on the Internet and the nature of digital format makes it harder for consumers to distinguish if a news story is authentic or if it was modified without the authorization of the author.

As a local information security professional, I tend to view everything with a higher degree of skepticism than most. But fake news presents a growing problem for IT security because it increases the risk of consumers and businesses (read: your workforce) being compromised. By now, most people are familiar with phishing scams that urge you to enter your security credentials into an unknown website or send money right away but what if the scam was veiled as a news article, encouraging political action or actions related to your personal or business interests?

For years information security practitioners have been working with business to battle hackers and protect the confidentiality, integrity and availability of their data. Firewalls, anti-virus, encryption and all the other security tools available today strengthen the security of networks and websites but unfortunately, they cannot stop fake news from being published on the Internet, especially on social media platforms like Facebook.

This means that our best defense against being taken by fake news lies with each one of us. I believe it starts with turning up our antennae and reading beyond the headlines as a matter of course. Consider the source – is it a legitimate, reliable news source? Who is the author and what are his or her credentials? When and where was the news published? In other words, ask reasonable questions first and don’t take every news item on the Internet at face value.

According to Pew Research, 62% of U.S. adults get news on social media platforms, including Facebook, YouTube, Twitter and Instagram. This content undeniably influences its users and these sites have been criticized by many for the proliferation of fake news. To combat this, Facebook has initiated programs to reduce the fake news on its site by working with other news organizations to conduct fact-checking and to aggressively identify and disable fake accounts on their site. I believe the latter strategy will be the most effective since fake user accounts are frequently used to publish and disseminate fake news stories.

As consumers, we should always consider the integrity of an Internet-published news story with some degree of skepticism. Similar to the guidance related to identifying phishing scams, we should always validate if a news story is from a trusted source before taking action. Cyber security is a multi-billion dollar industry largely centered on providing protection through tools.

However, in my opinion, the most effective and cost-efficient way to protect ourselves from attackers and misinformation from fake news starts with taking a few minutes to assess whether we should trust the source in the first place.

Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.

Visit this article in the Star-Advertiser