This post first appeared on Risk Management Magazine. Read the original article.
Fake news is nothing new—we have long been exposed to propaganda, tabloid news, and satirical reporting. But now, with the dependence on the internet, promotion of trending stories on social media, and new methods of monetizing content, we have found different ways to relay information without using traditional media outlets. A single story posted on a personal or biased website can go viral and lead to additional content that gets distorted just like the results of a game of telephone. The original authors may be fully aware that the story is a lie, but with no throttling or inspection of content, the story can take on a life of its own, go viral, and spread misinformation while also leaving a tarnished impression of legitimate media. With tabloid news, most people recognize that Bigfoot was not in their backyard. Fake news, however, can seem so believable that people have a hard time determining the truth. Whether the article is real or fake news, and if it should be shared, can be difficult to determine without researching the story personally.
Regardless of how far the story spreads or your belief in its contents, fake news stories present significant risk to people, industries and governments. According to Buzzfeed, the top five political news stories on Facebook in 2016 ranged from fabricated news of Obama signing an executive order banning the pledge of allegiance in schools to baseless claims of FBI agents committing suicide after leaks of Hillary Clinton’s emails. For the former, more than two million people shared, commented or had reactions to the fake news and countless others discussed or propagated the fake news via other communication methods. Whatever your political opinions, the proliferation of these stories had a significant impact, casting doubt or concern and spurring conspiracy theories based on misguided content. Thus, honest questions remain. Did the residual risk impact the election results, who originated the fake news, was there a motive, and how many people still believe these stories were real? Most people believe that fake news can influence people—or is that perception fake news as well?
The information technology world deals with new and urgent risks every day. Fake news on vulnerabilities, exploits and breaches is rare so far, but the ramifications could be mind-boggling and resource-intensive if threats are taken out of context and without perspective.
Take for example the Jan. 17 announcement from the United States Computer Emergency Readiness Team (US-CERT) to disable Samba version 1, a networking protocol that facilitates file and print services. Experienced information technology and security professionals reviewing the details of US-CERT’s recommendation recognize that it calls for the use of internet firewalls and edge devices including servers. This has been a standard recommendation for decades. Unfortunately, some interpreted the statement as a call to disable certain ports on all devices, spawning a rash of fake news on the topic.
One could dismiss this response as simple ignorance about the details of the bulletin, but when vendors receive inquires about fake news and hype articles that leave out critical information about the flaw, IT professionals then must dedicate the time and resources to communicate how bad an idea this is for devices within the perimeter. If readers only have the distorted version of the story, they could disable critical features and applications. The risk of this fake news is real: changes adopted based on misinformation could cause a massive outage.
The Wall Street Journal took a different perspective on the risks of fake news after interviewing crisis management executives at various organizations. They found that, while you cannot stop fake news from happening, you can be prepared to respond and minimize the risk and damage regardless of the content. This preparation is key. Just like having a disaster recovery plan for your home or business, including flashlights, food and a radio, have a plan for responding to a fake news threat.
You must combat negative press regardless of its validity. This includes having the ability to craft a response, make sure key individuals are prepared to speak to legitimate media, and communicating a consistent message without repeating or acknowledging the content of the fake news.
Therefore, if we consider the earlier examples of fake news, we would probably respond with “all children have the right to say the pledge of allegiance,” and “organizations should verify security and hardening guidelines for device protection.” Such responses do not manage fake news with a negative spin but rather affirm the status quo and core values behind the discrepancy. This is a more effective neutralization than trying to add negative terminology to the original story, such as “FBI agents did not commit suicide.”
Unfortunately, such misinformation tactics are likely here to stay, and there may be significant repercussions if the fake news incites a riot, causes financial loss for a business, or affects government operations and elections. As the public adapts, it is important for enterprises addressing fake news to be mindful of the impact of any negative responses. The word “fake” is already a negative term. By using more negative words in a response, it could reinforce the incorrect message, leading to the further misinterpretation of the facts and even more unnecessary risk.