How to monitor social media for disinformation campaigns


Disinformation campaigns have historically represented a headache for nation states. But in recent years, threat actors have employed this tactic against a new target: businesses.

This presents a challenge for a security team. 

A well-orchestrated disinformation campaign can disrupt business operations and destroy billions in brand equity. And if left unchecked, false rumours can even endanger the physical safety of customers and employees.

But how large of a threat does disinformation actually present to businesses? And how can security teams address this issue? 

Let’s dive in.

Disinformation becomes a growing headache for security teams

Simply put, disinformation is the act of publishing deliberately false information to deceive others. For example, a conspiracy theorist may falsely accuse a CEO of operating a child sex trafficking ring. A short seller could use Twitter bots to spread false rumors about a company’s solvency in order to drive down the stock price. An unscrupulous company spreads lies about its competitor’s business practices to swipe market share.

Disinformation attacks can originate from a collection of different threat actors: profiteers, nation states, conspiracy theorists, political activists, and political extremists. 

And because these groups often share common interests, agencies often act together to coordinate and amplify their messages

Regardless of who is behind a specific attack, disinformation campaigns can damage an organization’s brand equity and expansion plans. 

For instance, security analysts have long-noted a concerted effort by America’s foreign adversaries to spread false conspiracy theories about the safety of 5G mobile networks. This campaign has significantly slowed the country’s rollout of the technology. 

In other cases, false rumors spreading online can endanger the safety of customers and employees. 

In 2019, for example, Reddit users speculated U.S. eCommerce giant Wayfair had started to operate a child sex trafficking ring. The hoax story quickly spread across social media platforms and popular fake news publications. 

Reputable media outlets quickly dismissed the story as a hoax. But given the sensitive nature of the topic, enraged internet users targeted Wayfair employees with violent threats online. 

How to address disinformation campaigns

With the severity and frequency of such disinformation campaigns on the rise, corporate security leaders need to proactive measures to protect their organizations:

Delegate responsibilities

Delegate responsibilities

The nature of disinformation attacks means it’s not always clear which department should take ownership of the issue – PR, legal, security. As a result, teams often waste time in a crisis pointing fingers at each other rather than responding to the incident. Different groups in the organization need to meet ahead of time to delegate responsibilities and share information in the event of an attack.

Monitor social media

Analysts within an organization’s security operations center should actively monitor social media to understand what’s being said about their company online. Alternatively, this responsibility could be delegated to a specialized third-party agency.

Prepare ahead of time

Prepare ahead of time

Outline your organization’s response procedures ahead of time. Additionally, it often pays to conduct incident response drills with your PR and legal team to simulate a disinformation attack. This exercise could reveal unexpected problems in your crisis response plans. Additionally, materials prepared during these exercises, such as press releases and social media posts, could be saved and reused during an actual attack.

Sentiment analysis

Sentiment analysis

Sentiment analysis attempts to analyze the underlying emotion, whether positive or negative, of what is being said about your brand online. Such analysis can serve as an early warning signal for security teams. For instance, if you see a sharp spike in negative sentiment with no obvious or apparent explanation, it could be a sign of a disinformation attack against your organization.

How to monitor for disinformation campaigns

Early detection represents the single best method to mitigate the impact of a disinformation campaign.

If you learn about a false rumor in the mainstream press, it’s too late to form an effective response. Instead, analysts have to dive into the murkier corners of the web where such attacks often originate.

Specifically, security teams should keep an eye on the following types of sites:

  • Alt-tech social networks: Alt-tech social networks, like Gab, Parler, and Rumble, have positioned themselves as leading alternatives to mainstream offerings. But because these sites have limited content moderation, rumours and disinformation can often spread unchecked. And in many cases, it doesn’t take long for stories circulating in these communities to bubble up into more mainstream media outlets.

  • Fake news sites: Fake news sites represent a collection of publications that deliberately publish hoaxes and disinformation. Some outlets run on a for-profit business model, attempting to exploit social media algorithms with click-bait headlines to drive gullible readers to their site. Others receive their funding from foreign nations, usually to undermine the credibility of domestic news organizations. Regardless, both types of sites will target businesses from time to time. 

  • Imageboards: An imageboard is a type of Internet form based on posting images alongside some text and discussion. Certain communities, namely 4Chan, represent sources of internet mischief. On numerous occasions, users have banded together to disseminate false rumors across the web in an attempt to embarrass or discredit mainstream politicians, businesses, or media outlets.

  • Forums: Analysts often find misinformation circulating first on Reddit days or even weeks before they get picked up by communities on Facebook or Twitter. Analysts should also keep a close watch on forums that cater to conspiracy-minded communities and other fringe groups.

  • Mainstream social networks: Mainstream social networks, like Twitter, Facebook, and YouTube, have attempted to crack down on fake news and disinformation campaigns. Still, the sheer size of these sites make it difficult for moderators to police every conversation on their platforms.

The future of disinformation campaigns

Disinformation has emerged as a growing headache for security leaders in recent years. 

The rise of social networks has made it cheap and easy for adversaries to spread false information. The COVID pandemic has also forced millions of people to spend more time online, increasing their exposure to fake news. 

Security leaders can expect the severity and frequency of disinformation attacks to increase going forward. 

Advances in new technologies, such as artificial intelligence, deep fake videos, and psychological profiling, will make it easier to launch increasingly more sophisticated attacks. 

And with ransomware grabbing most of the attention from political leaders at the moment, organizations can expect few efforts from Washington to address this issue.

Teams, therefore, need to proactively prepare for such threats. 

This will go a long way towards protecting an organization’s brand equity, ensuring business continuity, as well as keeping people and property safe.

Ready to learn more?

Request A Demo Request More Info