Sending malicious payloads and packets is no longer the standard in threat operations. In today’s world of massive social media presence and influence, malicious actors can bring an organization to its knees — 280 characters at a time. This isn’t an attack on your infrastructure but an attack of computational propaganda aimed to shape a divisive narrative about your brand.
Manipulating emotion and reputation isn’t new, as the 2016 US election illustrates. What happens when bad actors attack your organization the same way they attack politicians? Using open source tools, bot farms, and troll factories to target your company and sway public perception, attackers could inflame sentiment and rally the masses against you, turning these events into a major crisis that consumes time, attention, and capital. Your brand isn’t immune to this type of threat. Your business must understand that successful attacks occur outside of the infrastructure that your security team traditionally safeguards. Just as you do for networks, identity, and infrastructure, you must apply the concept of Zero Trust outside the wire.
Adopting a Zero Trust mindset, we should expect that targeted cyber influence campaigns could be launched at a moment’s notice or are already underway. A Zero Trust mindset outside the wire starts with recognition of the threat that computational propaganda and influence operations represent to all organizations. Security leaders need to develop specific response plans that address the nature of the attack, the distribution channels that must be included, the motivations of the attacker, and how to reconnect with customers that have lost faith or trust in the brand. See our report, “Zero Trust Outside The Wire: Combatting Cyber Influence And Espionage Threats,” for our recommendations on how to deploy a digital risk protection strategy with a Zero Trust mindset.