This kind of organized rumormongering doesn't just help those looking to benefit from short-term stock spikes. "Spreading a rumor can force an official comment on sensitive issues," says Douglas Boemker, a counterintelligence specialist who is the CEO of Macrotec Security. "And false information can poison the well on deals."
False information can poison the well on deals.
Douglas Boemker, CEO of Macrotec Security
When it comes to the stopping the spread of false information, IT security has something of an advantage over those grappling with the issue in the media at large, says Boemker. "Organizations should have established lines of communication, and they can quickly reach out to employees to clear up confusion," he says. "Since people within an organization tend to know where they can obtain reliable sources of information, any skillful handling of company communications, internal or public relations, goes a long way."
Holding back the tide
Controlling the flow of fake information outside the company is a more formidable task, though. "Security must extend their protective monitoring to include external activity that can arise literally anywhere on the internet—Twitter, Facebook, LinkedIn, citizen-journalism aggregators, video sites, fringe news outlets, blogs, article comments, and thousands of other sites," says BrandProtect's Mancusi-Ungaro.
"It is an immense task. But it must be done. Companies that have the resources should build out their monitoring teams to include these requirements. This will involve hiring a team of engineers and threat analysts, and building the tools and processes to conduct the monitoring. Companies that don't have the resources should engage with a growing group of expert services providers that deliver external threat monitoring services on a 24/7/365 basis."
The tech tools offered to protect companies could also be applied to the fake news problem at large, says Dunbar's Ensey. "There are companies with products and services that mine social media networks to identify malicious links that are being posted with the hopes that they can compromise different users," he says.
"I think you'll probably start to see some of these tools turn their analysis towards reputation and information about the site. They'll use content inspection to see if it's something that's been reposted in many different places in many different ways. There are scoring systems that can be built on top of existing social media cybersecurity technologies that can be adapted to that fake news media."
But Dunbar's Ensey explains how programmatic tools can look below the surface to spot the scam. "You can look at the history of the domain," he says. "If this URL's been hosted on 40 different IP addresses in the last six months, that's a pretty big indicator that there might be something a little fishy. I think you can make the argument that for sites that haven't been online very long, that don't score well with Alexa or other ranking engines, there should be some means of marking this in an automated fashion, just like the security lock on your browser URL."
Sign up for Computerworld eNewsletters.