Falk Rehkopf

View Original

C-Suite Beware: Disinformation Arrived in the Corporate Sector

Falk Rehkopf

Once relegated to the world of politics, disinformation is now rearing its ugly head everywhere, sowing seeds of distrust in everything from climate science to COVID vaccines and now even in the corporate sector as well.

Whether used as an attack to tarnish politicians, question science or tear down businesses and brands, understanding the nature of this threat is imperative for the C-suite to be prepared for it in the future.

What is Disinformation-as-a-Service?

Just as Software-as-a-Service allows access to centrally-hosted software for a fee, Disinformation-as-a-Service, or DaaS, works in a fundamentally similar way. You essentially buy a disinformation campaign. Why? The reasons are endless - Influence. Power. Manipulating the narrative. Bringing down a competitor.

Also, they’re cheap, making DaaS incredibly attractive. As professional services organisation PwC points out, “disinformation campaigns are asymmetric, meaning they are inexpensive to create and distribute at scale.” The degree to which they’re asymmetric is breathtaking. MIT’s Sloan School of Management concluded that “falsehoods are 70 percent more likely to be retweeted on Twitter than the truth, researchers found. And false news reached 1,500 people about six times faster than the truth.”

With disinformation spreading so fast, does the truth stand a chance? Enter the Dark Web.

The Role of the Dark Web for DaaS

First, we need to define the Dark Web. Norton describes it as being “made up of hidden sites that you can’t find through conventional web browsers. Instead, you must rely on browsers and search engines designed specifically to unearth these hidden sites.”

Add to that the anonymity provided by encryption and you have the perfect cover for nefarious pursuits.

Illicit and illegal transactions, content, and activity are rampant on the Dark Web and it’s where you can find everything from drug traffickers to ransomware experts to, yes, DaaS actors lurking in the shadows. DarkOwl, a Dark Web monitoring & intelligence company, for example, noted “several Ukrainian and Russian-speaking disinformation-as-a-service providers across the Dark Web with a considerable footprint for information-manipulation related offers.”

These operators pull from the same toolbox as any other marketing, branding, or public relations professional would. The only difference is the goal – to bring down a competitor, not raise up a client.

Given those ends, the unofficial rule of DaaS is don’t do it yourself. Create plausible deniability.

The Roadmap of a DaaS Scheme

The name of the game is shifting public opinion and the recipe is essentially a carbon copy of the work PR firms and social media marketers do daily. The DaaS “industry” may be in its infancy but using these well-tread PR strategies means maturation was swift.

As the Financial Times discovered, Oxford researchers found “contractors employed to manipulate opinion in 48 countries”.

To that end, organizations, politicians, state actors, and the like can more or less pick from a menu of options: Articles, blog posts, videos, social media posts, as well as social media accounts and bots for spreading and amplifying the message.

The New York Times, in a deep dive into a Chinese propaganda campaign, detailed a real list of services – and prices – from a private contractor, including:

  • Register accounts on foreign social media platforms for ~$785/month;

  • Disguise and maintain overseas social media accounts for ~$785/month;

  • Create original videos for ~$6,275/month.

Wired, referencing a thorough report from American-Japanese cyber security software company Trend Micro detailed the costs for certain aims:

  • Create a fake ‘celebrity’/influencer social media account – $2,600;

  • Discredit a journalist – $55,000;

  • 12-month political campaign to change people’s opinions – $400,000.

What are the real-world implications of going down this rabbit hole?

Just take a look at what BioNTech-Pfizer has been dealing with:

How Can Organisations Prepare for and Respond to DaaS?

Given the bleak picture painted, it can feel demoralizing going up against an often anonymous enemy whose messages spread faster than wildfire.

But, consider these steps as :

  • Evaluate your risk landscape – Think about and enumerate what risks your company or clients face that could be exploitable. Like a SWOT analysis that focuses only on the “T”

  • Understand the motivation – Once you’ve evaluated the threats, dig deeper and understand what would motivate a disinformation attack. To undermine a product? To create doubt in the company?

  • Listen in all directions – Beyond the typical mainstream media and social media sources that you should be monitoring, keep an ear to the edges of the internet. Disinformation-as-a-Service is often found in the dark corners of the web, the disinformation itself is discussed there as well.

  • Respond promptly and proactively – Don’t let it linger. Information moves at lightning speed, make sure yours is at the forefront. Just as DaaS providers will build a network of social media commentators, you need to create your own that push the positive story.

  • Create a recovery plan – Most importantly, don’t be caught off guard. Take all of the above and create a disinformation plan of action. It may even mean bringing on an expert or creating a chief risk officer.

Key Takeaways

Deception isn’t new. It’s just become more sophisticated. The operation to spread it has become a business of its own right now, leveraging social media and more to get the message out faster than ever before. The attacks are more coordinated, the results swifter.

Manipulation for hire is here to stay and it’s called disinformation-as-a-service.

The solution isn’t to ignore it but rather to face it head-on, acknowledge it, and continue to work hard cementing the truth.

+++