Selling Fear: The Impact of media sensationalism on information security



In today's media landscape, incidents related to information security often find themselves under the spotlight. However, I've seen instances where media outlets sometimes amplify these incidents, making them appear more severe than they actually are. This phenomenon not only misinforms the public but also has broader implications for society's perception of information security threats.

The coverage of the very recent "Mother Of All Breaches" is a prime example of this overhype and sensationalism: scary and overblown headlines that imply something far removed from the actual reality of the situation. Two examples of this overhype are:

https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

https://nypost.com/2024/01/23/lifestyle/extremely-dangerous-leak-reveals-26-billion-account-records-stolen-from-twitter-linkedin-more-mother-of-all-breaches/


One key reason behind media sensationalism is the pursuit of higher viewership and increased engagement. Dramatizing information security incidents tends to grab attention, but it can inadvertently contribute to unnecessary fear and anxiety among the general public. When incidents are blown out of proportion, individuals may become more paranoid and skeptical about the safety of their personal data, leading to an erosion of trust in digital systems.

Moreover, the constant barrage of sensationalized stories may result in a desensitized audience. If every incident is portrayed as a catastrophic event, individuals may start to tune out, dismissing genuine concerns as just another media exaggeration. This desensitization could hinder the public's ability to differentiate between minor security breaches and more critical threats, ultimately diminishing the impact of valid warnings.

The consequences of media sensationalism extend beyond the individual level. Exaggerated reporting can fuel a climate of fear that influences policy decisions and regulatory measures. Governments may be pressured to enact stringent laws based on public outcry, potentially sacrificing a balanced approach to cybersecurity in favor of reactionary measures. This knee-jerk response can lead to policies that infringe on privacy rights without necessarily enhancing overall security.

In summary, media sensationalism surrounding information security incidents has the potential to create unnecessary fear and anxiety. Striking a balance between informing the public and avoiding exaggeration is crucial to fostering a healthy understanding of cybersecurity challenges. It is imperative for media outlets to exercise responsibility in their reporting, ensuring that the public remains informed without being unduly alarmed by the constant barrage of sensationalized stories.

John

Deep Fake Scams On The Rise. Preparing Your Loved Ones

This was inspired by the following news article:

"Frightening new scam uses A.I. to convince loved ones are being held at gunpoint" 

CNY Central: Frightening New Scam Uses A.I.


“Deep Fakes” are a type of scam that uses artificial intelligence (AI) and large language models (LLMs) to create fake videos, images, or audio recordings that appear to be real. These scams can be used to manipulate people into believing something that isn’t true, such as a friend or loved one being held for ransom. An abhorrent thought, I know. The technology behind “Deep Fakes” is constantly evolving and improving, which makes it increasingly difficult to distinguish between real and fake content. Scammers can use this technology to create convincing fake content that can be used to spread misinformation, steal personal information, or even extort money from unsuspecting victims.

It’s important to be aware of the risks associated with “Deep Fakes” and to take steps to protect yourself and your loved ones. Some ways to stay safe include being cautious about what you share online, verifying the authenticity of any content before sharing it, and using reputable sources for news and information. Additionally, if you or your loved ones plan to travel abroad or to areas that are known to have organized criminals operating, it might be a good idea to develop “safe words” or “safe phrases” in advance of the trip. These can be as simple as mentioning “hay fever” and should be low-key but stand out to whoever is receiving the message. They can be used to determine the authenticity of a call, video, or other communication.

I hope this helps you and the ones you love. 


John 

Anticipating the future by looking backwards.





As we look to the new year and the potential futures that will manifest in 2024, we should also take a moment to look for any differences or evolution in threat actor tradecraft that we’ve seen during 2023. Cybersecurity threats are constantly evolving and becoming more sophisticated and diverse. According to various reports, some of the noticeable differences in the threat actors’ behavior and techniques in 2023 are:


Increased use of artificial intelligence (AI) and deepfake technology: Threat actors are leveraging AI and deepfake technology to create more convincing phishing emails, impersonate legitimate users or entities, bypass biometric authentication, and generate fake audio or video content to manipulate or extort their targets. 


More targeted and customized attacks: Threat actors are conducting more research and reconnaissance on their potential victims, using social engineering, open-source intelligence, and data breaches to gather information and tailor their attacks accordingly. They are also choosing their targets based on their industry, size, location, or vulnerability. 


More collaboration and specialization among threat actors: Threat actors are forming alliances and partnerships with each other, sharing tools, techniques, and resources to increase their efficiency and effectiveness. They are also specializing in different aspects of the attack lifecycle, such as reconnaissance, exploitation, persistence, exfiltration, or ransomware delivery.


More innovation and adaptation to the changing environment: Threat actors are constantly developing new ways to evade detection and response, such as using encryption, obfuscation, polymorphism, or fileless malware. They are also adapting to the changing IT landscape, such as the shift to cloud, remote work, and IoT devices, and exploiting the new vulnerabilities and opportunities they present.


Threat actors in 2024 will absolutely continue evolving in diversity, complexity, and technological capabilities. The nature of their activities dictates that. Organizations can prepare for these events by following some best practices, such as:

Establishing a robust cybersecurity policy that outlines the measures, roles, and responsibilities for enhancing cybersecurity effectiveness. 

Securing the perimeter and IoT connections with firewalls, encryption, VPNs, and other technologies to prevent unauthorized access and data breaches.

Employing a people-centric security policy that educates and empowers employees to recognize and report cyber threats, and to follow security guidelines and protocols. 

Controlling access to sensitive data and resources with identity and access management (IAM) solutions, and implementing the principle of least privilege. 

Managing passwords wisely with strong and unique passwords, password managers, and multi-factor authentication (MFA). 

Staying informed and updated on the latest cyber threats, trends, and solutions by attending cybersecurity conferences and events. 

Implementing a proactive and resilient incident response plan that can quickly detect, contain, analyze, and remediate cyber incidents, and minimize the impact and damage.