George Orwell’s “1984” topped the Amazon sales chart this year. Undoubtedly a literary classic, the book’s revived success is founded on its likeness to present day politics, with doublespeak, ‘alternative facts’ and outright fakery to the fore in recent months, in the US and elsewhere.
Misinformation and the misuse of information was a key factor in the 2016 US presidential elections. It’s unclear exactly who was behind the well-publicised hackings, leaks and fake news stories, and the true impact may never be truly known. What is clear is this: the ability to misuse information for political gain or otherwise will continue to be a significant cybersecurity issue in the coming years. In fact, concerns have already been raised about similar attacks on trust ahead of the German Parliament elections this year.
Data and information must be secured. Ensuring its integrity and proper use is vital to maintaining trust not only in organisations, but in the public sector and the ability of its leaders to make decisions.
Old tricks, new performers
The use, or misuse, of information to sway public opinion or gain political advantage is not a new idea. In a Washington Post opinion piece, John Maxwell Hamilton of the Woodrow Wilson Center for International Scholars recently argued that information warfare could be dated back to the opening days of the First World War, when the British cut German undersea cables to disrupt communications. The understanding that the control of the media equates to the control of the masses has long been abused.
The rise of digital has meant that data can be remotely accessed and manipulated as well as disseminated globally. The internet means the reach of the misuse, and the scope of the mistrust, is limitless. Data is meant to be a resource and asset, but has become a weapon. You only need to think back to the release of stolen e-mails during the presidential campaign to see the impact of weaponising data.
The sheer extent of the proliferation of fake “news” stories is shocking. In the US election fake news often outperformed real news in social media shares. According to a survey by the Pew Research Center, 23 percent of respondents said they had at some stage shared fake stories – either knowingly or not.
But who is responsible for monitoring and protecting the integrity of data?
Separating facts from fiction isn’t always easy. We feel (according to the Pew survey) that we should be able to spot fake news. But while a story about a love triangle with Elvis can be easily dismissed, an article that slightly alters the numbers of a political poll or the selective release of documents without context are more complex to evaluate.
The issue is that digital data can be altered without detection. Data can be meddled within servers and databases without any alert to owners that it has been infiltrated. This information remains credible on the surface and to the end-user, especially when coming from a trusted source, but it is extremely difficult without prior knowledge to detect any kind of foul-play. Audio and video files can also be edited to deceive. Seeing and hearing are no longer believing. Trusted sources are losing their integrity.
For the data manipulators, the phony or doctored information can be distributed globally at little cost and further amplified through social media. Identifying the original source of falsified data or information becomes more difficult the wider the reach. And even if it is detected, editing the various syndications of the information is near impossible.
Protecting ourselves and our institutions
From the end user to the source, we all have a part to play in defending ourselves and our institutions against misinformation.
Firstly, people must be media and information savvy. Whether a baby boomer or a digital native, we must be able to effectively evaluate the credibility of the information we consume and its sources. This requires a mix of critical thinking, adequate knowledge and healthy skepticism to question data that sets off alarm bells. Understanding the nature of digital data and the challenges of cybersecurity contribute to these skills. If you go in knowing that data can be fallible, the warning signs are easier to spot.
Alongside this, the creators, owners, and distributors of the data have an obligation to maintain its integrity. Reputations are at stake, including the integrity of our institutions. In times of political unrest, the loss of public trust and confidence is not a consequence to be taken lightly.
Business should learn from the current political landscape and incorporate data integrity into their cybersecurity programmes. Encrypting data can help protect it, and should be incorporated as standard practice, as well as hashing, which can help assure it has not been altered. Monitoring network activity and controlling access to privileged accounts that have permission to make changes in data is also critical.
In a world where it’s difficult to know who or what to trust, we should be able to rely on our public institutions. But with malicious attacks and poorly managed information affecting the integrity of data, at all stages of the process, from the citizen and consumer to the data source, we must be diligent. We must all be a part of raising the visibility of this challenge. Spur the discussion and encourage the curiosity of your piers to question their ‘facts’. The election may be fading from the front pages, but the associated concern and depth of mistrust still runs deeply through our veins.
John Worrall is chief marketing officer of CyberArk