Skip to content
Are you guarding against corporate catfish?
In today’s world, security of people and buildings is given huge focus.
But what about the risk of reputational damage?
For this Perspectives article, Director of Operations, Mitie Intelligence Services, Joey Hills (pictured), delves into the world of activist groups and faceless online threats.
As an expert in corporate espionage, Joey believes organisations need to be better prepared for malicious acts that can leave reputations in tatters.
Threats to the organisation’s CEO are coming thick and fast.
A shadowy group of ‘activists’ is plotting to compromise digital security and threatening a violent attack, with a warning to be careful outside the global headquarters.
They also claim to have damaging information about business dealings and insider company information, such as faked sustainability credentials and poor employee welfare. These details will shortly be released to the world, potentially ruining the reputations of both the individual and the organisation.
This was an actual threat, dealt with by me and my colleagues at Mitie Intelligence Services. We couldn’t discount what the threat actor was claiming, but further investigation quickly identified there was no real danger to the CEO, or to their organisation. Rather than activists poised to bring down a high-profile business leader, the threat stemmed from an individual, who was posting alone, thousands of miles away. The person’s motive was little more than mischief and disruption.
Such a scenario isn’t particularly unusual. To borrow the popular term for when someone purposely deceives online, this was what you could call a ‘corporate catfish’. And in my opinion, today’s organisations could be doing more to mitigate against such activity.
Reputations on the line
It’s easy to think of security in solely physical terms: fences, gates, locks, trained personnel and so on. These are essential to look after people, buildings and assets. However, in today’s world, organisations must account for more than physical security. What about the profile of senior figures? Or corporate reputation? Increasingly these are being exploited by threat actors with a range of motivations.
The source of these types of threats tends to be activist groups, who have attached themselves to a cause. The eco group, Extinction Rebellion, is a good example. To compound the issue, we know conspiracy theorists are also numerous throughout the activist community; those who may be anti-vax or promote misogyny, for example. These groups thrive on propagating disinformation, sowing social discord and trying to influence alternative world views.
The tactics used often vary. They can make direct threats with no intention of following through, all just to waste time. Similarly, they might appear to have organised actions against a city centre, airport or corporate premises to which no-one actually turns up. This can still create disruption and waste the time of Police and other agencies.
Remember ‘two tier policing’?
Coming back to reputational damage, these groups, along with opportunists or other social disruptors, may also spread disinformation. This can be picked up and spread very quickly across social media by others who don’t realise the information is incorrect. A recent example is claims of ‘two tier policing’, which gained traction during far-right riots in British towns and cities. This followed the tragic attack in Southport last summer. Such disinformation can create mass social and economic instability, and in this instance, planted the idea that Police are not on the side of the general public.
Organisations are vulnerable to the destabilising effect of such action. Similar activity can happen on a global scale with the involvement of malicious states. They may have a vested interest in creating instability elsewhere, with direct impacts to the economy and even voting behaviours. We know that foreign bot farms are very real and place high volumes of spurious social media posts to undermine the interests of Western economies.
The artificial intelligence ‘Wild West’
AI is impacting so much of our world – and that includes threats to organisations. The pace, scale and adoption of AI development has made me and the world sit up and take note. After all, AI imagery and video deepfakes are extremely convincing. In the wrong hands, AI can be weaponised to create confusion and division.
As the technology is moving at such a pace, there is currently no general statutory AI regulation in the UK. We have signed an international treaty that addresses AI risks, but its impact is unclear. So, anyone with the right tools could generate an image or video depicting something with a false narrative that may shape social behaviours, such as the assassination of a public figure. If distributed, that video or image could at least heighten public anxiety – and at worst spark civil unrest.
We’re at the dawn of AI, so the legislative grey area is understandable to an extent. I believe we should avoid a ‘Wild West’ scenario and put some kind of governance in place at organisational levels in the spirit of preparedness. That could be an overseeing body or enforcement of legal standards. A challenge for social media platforms is to identify and highlight to users when content is AI-generated. A simple sign to verify AI origins would be a good place to start. It’s concerning that recently one of the largest social media organisations has announced it will be reducing third party fact-checking to filter out disinformation (deliberately false) and misinformation (mistakenly false). That makes a more fertile environment for inaccuracies and untruths to spread.
Employee screening
While most organisations aren’t protected enough against disinformation, they are acknowledging the need to better understand their employees. For example, people being recruited into the gas or energy sector will likely be screened for signs of affiliation to extreme eco-activism. Likewise, those who are found to have participated in far-right activity would have to be carefully considered for positions where such beliefs could be problematic. All of this is with the intention of minimising insider risks and threats. Mitie Intelligence Services is experienced in this area, while fully adhering to privacy laws. It’s about enabling a company to better understand candidates and any potential risks. They can then make an informed decision.
Wake up to new threats
Today’s organisations require protection for physical assets, as well as against those who wish to undermine their reputation, profitability and market position. To safeguard the latter, I believe there should be more awareness of how much is at stake.
First steps to safeguard your organisation
With years of experience in corporate Intelligence Services, I have three recommendations for organisations that want to get ahead of the threats.
Firstly, seek out intelligence support, so that you can identify and monitor your risks. Whether in-house, or external, organisations should have access to a team that provides intelligence from credible sources, with credible analysis of information and data. This can shape an appropriate response.
Secondly, be mindful of your sources. Make sure that you have governance in place to verify information, corroborate intelligence and mitigate the confusion caused by misinformation and disinformation.
Thirdly, work collaboratively within your organisation to produce communications that will reduce colleague anxiety from what we sometimes call ‘information disorder’. In times of crisis, it’s important to have appropriate decision makers and escalation paths in place.
Finally, remember that while threats to reputations in today’s landscape are ever-present, corporate intelligence is more than capable of overcoming them.
Do you agree with Joey? Tell us what you think by emailing: [email protected]
Read next
Mitie’s Security Radar reveals key industry challenges
New research from Mitie, the UK’s largest security provider, reveals that a quarter (24%) of security decision-makers are not sure which upcoming legislation will impact their organisations. The survey of over 100 senior security…
Four steps to overcoming the retail crime epidemic
The headlines pull no punches. In recent weeks, coverage of UK retail crime has included: I’ve been considering what needs to be done to bring the surge in shop theft under control. There is…
The Science of Service Podcast: Beneath the tip of the security iceberg
What’s your reaction to the word ‘security’? Perhaps it triggers thoughts of guards outside shops and buildings. Or maybe the queue before you get to purchase duty free bargains in the airport. The truth…