The changing face of cyber security in a post-truth world

In order to survive, humans must meet certain basic needs, namely food, water and shelter. In a similar fashion, society must be able to assume certain things to maintain its health, and one of these things is honesty.

People depend on politicians to tell them the truth about their policies, so that they know what they’re voting for. The population depends on journalists to tell them the facts about current affairs, so they are not misled in their attitude towards society. People depend on their circle of friends and family to be honest with them, in order to create stable and meaningful relationships.

A single lie can dismantle an entire network of trust, and with the much publicised dishonesty in politics, ‘fake news’ and corporations in recent times, the floodgates of distrust have well and truly been opened.

>See also: How businesses can cope in a post-truth world

The problem is that in the current climate, people don’t know who to trust. In 2016, over a quarter of 18-24 year-olds in a Reuters and YouGov survey cited social media as their main source of news.

With the proverbial buffet of content and news sources available online, it is no wonder people are resorting to social filtering techniques in order to decide what to consume. This attitude however leaves us pondering a very serious question: are we seeking the truth, or are we guided by what appeals to us?

Welcome to the post-truth era

Post-truth was the Oxford Dictionary’s ‘Word of the Year’ in 2016, representing the eroding influence of objective facts on forming public opinion. There is little doubt about the global shift in state of mind, and the main catalyst for this has been the internet.

Data is stored in vast silos, in innumerable quantities around the world, as organisations become increasingly digitised. Business is conducted through email, transactions are processed through the internet, and people continue to access their preferred media online.

While the world-wide-web has provided billions with a platform for free speech and commerce, with this freedom comes increased opportunities for deception.

Criminals can hide behind spoofed emails and social media accounts, proxy servers and various other illusory techniques, and cybercrime is finding its place with relative ease in the post-truth era.

This is taking its toll on enterprises of all sizes. Recent research from Proofpoint across over 5,000 enterprise customers found that Business Email Compromise (BEC) attacks had increased by 45% in the last three months of 2016, two thirds of which used spoofed email domains to trick their victims.

>See also: ‘Alternative facts’: how to get out of this mess

The attention the ‘post-truth’ era has garnered, has merely exposed a fundamental facet of human nature – that every single person has the potential to make irrational decisions.

As people continue to consume information based on mistruth, they are revealing to those cybercriminals that all they have to do is appeal to the basic human instincts, like curiosity, routine, or subservience to authority – if they can learn enough about individuals, then they are bound to fall to their persistence.

Simply put, due to the weaknesses present in human nature, governments and enterprises cannot rely on us, human beings, to identify malicious emails and online content. All it takes is one unsuspecting employee and a company could lose millions to a BEC scam.

Planning an effective counterattack

Training in cyber security for employees has been beneficial to some extent so that most are at least conscious that they are being targeted, however due to the aforementioned weaknesses, relying on training and common sense is a ticking time-bomb.

Cybercriminals are learning to use more and more sophisticated techniques aimed at taking advantage of human behaviour, and where most of us are now unlikely to click on an email promising to make us a fortune, would people demonstrate the same wisdom with a link baiting them to read some less-than-likely newsflash about a controversial politician?

Business leaders today need to re-evaluate their security approaches to reflect the new world in which they’re living. They need to ensure they have a holistic view of their current security practices, supported by policies and tools that reflect changing human behaviour. And most importantly, there needs to be tight integration with email authentication and protection technology that can safeguard ingoing and outbound communications.

If a CEO trusts their workforce to discern the authenticity of emails, who is to say their employees wouldn’t be just as naïve? Last year’s breaches at companies including Three Mobile, Tesco Bank and TalkTalk should act as a stark warning to British businesses – unless they act quickly, they risk serious repercussions to their bottom line, customer relationships and brand reputation.


Sourced by Rob Holmes, VP of products at Proofpoint

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Security