Discerning the real from fake
KUALA LUMPUR, 11 March 2020 — The topic of fake news is not new, as it has been discussed and debated extensively in both traditional and alternative media spaces. Broadly speaking, fake news is a campaign of disinformation with the intention of shaping opinion, introducing bias, or damaging a certain target entity through the spread of false and fabricated news.
The proliferation of social media platforms and messaging apps where information can go viral almost instantaneously amplifies this problem, in comparison to the traditional print media of the past.
The impact of fake news differs, depending on the topic involved, and who the target entity is. Hoaxes, such as those falsely claiming the demise of a certain celebrity, are mischievous and slanderous, and in some extreme cases can result in individuals being harassed and threatened by the general public.
Some fake news are spread to cause social unrest or panic, such as the recent ones involving the exaggerated dangers of COVID-19. These tend to have a more lasting and deeper impact on society, and can lead to legal troubles, and in some cases, even police arrest. Some could even influence the outcome of elections, as was widely reported during the US presidential election of 2016.
Fake news can lead to bigger troubles than just mere social mischief. In May 2019, UK’s Metro Bank was the victim of a fake news campaign where news of its supposedly impending shutdown or bankruptcy went viral via the hugely popular WhatsApp messaging app. Within hours, various bank branches saw panicked customers attempting to withdraw their savings or to empty their safe deposit boxes. The bank’s share price suffered a severe drop as a consequence of the negative perceptions and market panic.
Hackers are also getting on social media platforms, scanning their victims’ profiles, and targeting them with phishing emails that display catchy headlines aligned to their interests, so as to entice them to click on links to malware-laden websites. Some of these emails play on human emotions and rely on their compassion, or curiosity, to click through links using relevant fake topics.
So, how do we overcome this problem? Unfortunately, there is no one single solution. There are, however, several suggested ways to counter, or at least minimise, the risks and impact of a fake news attack:
- Planning is absolutely crucial. Planning for fake news attack is similar to preparing for a media disaster: be prepared for every conceivable situation, have a competent media team ready, and appoint dedicated spokes-people who deliver a consistent message and response to all queries.
- Education is important. Have a sound employee security awareness campaign to educate staff on the importance of validating any news before propagating them, and to be wary of clicking on any links in emails. They should constantly employ strong passwords, and refrain from posting company-sensitive information online without permission.
- Implement a data protection framework to ensure all suitable and robust controls are in-place for protecting sensitive data from being leaked out, which can be used as fodder to create all kinds of fake news. Confidential data residing in databases or systems need to be protected with robust access controls, and with the right level of encryption applied to ensure data integrity and confidentiality. It is advisable to implement systems to monitor and block unauthorised outflow of sensitive data, for example a Data Leakage Prevention (DLP) solution.
- Plan and conduct a fake news attack drill, to be prepared in the event of a real attack happening. This is similar to cyber war-gaming, an exercise where IT security teams conduct table-top exercises to simulate attacks, and then try to counter with corresponding responses, the results of which are measurable and can help pinpoint and improve any weaknesses found.
- Monitor unauthorised usage of your company’s name and branding out there. Unscrupulous users can perpetrate scams riding on your company’s branding and popularity. Be alert and have a strong social media presence, and respond to any negative campaigns with immediate, clear and concise responses via official channels.
Finally, as a general rule of thumb when faced with the choice of forwarding a piece of unverified news, always stop for a moment and think. The International Federation of Library Associations and Institutions (IFLA) published a guideline to assist people in recognising fake news, and it is wise to pay heed to the following:
- Consider the source (to understand its mission and purpose)
- Read beyond the headline (to understand the whole story)
- Check the authors (to see if they are real and credible)
- Assess the supporting sources (to ensure they support the claims)
- Check the date of publication (to see if the story is relevant and up to date)
- Ask if it is a joke (to determine if it is meant to be satire)
- Review your own biases (to see if they are affecting your judgement)
- Ask experts (to get confirmation from independent people with knowledge)
Combating fake news is never easy, but we can all do our small part in helping win this battle in the long term.
Chung Kim Chuen
Cyber Security Executive Director
Kim Chen (KC) is a seasoned cyber security practitioner with over 20 years of industry experience. Prior to joining Deloitte, KC was a co-founder of a boutique cyber advisory firm SecurePath Sdn Bhd.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities. DTTL (also referred to as “Deloitte Global”) and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our network of member firms in more than 150 countries and territories serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 264,000 people make an impact that matters at www.deloitte.com.
About Deloitte Southeast Asia
Deloitte Southeast Asia Ltd – a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam – was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises.
Comprising approximately 340 partners and 8,800 professionals in 25 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region.
All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities.
About Deloitte Malaysia
In Malaysia, services are provided by Deloitte PLT (LLP0010145-LCA) (AF0080), a limited liability partnership established under Malaysian law, and its affiliates.