The rise of disinformation and its impact on organisations

Of the biggest risks organisations face is the rise in disinformation. The primary distinction between disinformation and misinformation lies in intent - misinformation involves unwittingly sharing inaccurate information, whereas disinformation involves the deliberate dissemination of false information with the intention to manipulate.

In today's security landscape, automated disinformation spreads rapidly and extensively, becoming challenging to trace. International SOS, regional security manager, Bala Selvam, shares his perspectives and tips:

In the heightened geopolitical risk landscape of 2024, AI-led disinformation stands as the biggest short-term threat, recognised by the World Economic Forum. Social media platforms, including TikTok and Instagram, serve as conduits for manipulating global sentiments, influencing protests, and shaping electoral campaigns. In 2024, dubbed the year of elections with over 60 contests looming, the imperative to identify and halt the propagation of disinformation is crucial.

With a growing reliance on data-driven decision-making, organisations tackling disinformation in the pursuit of global growth face intelligence gaps. Venturing into emerging markets necessitates robust risk management systems. It is crucial for businesses to ensure that personnel navigating culturally diverse markets are well-informed and supported.

Inadequate support not only incurs costs but jeopardises employee safety, compromising the duty of care crucial for talent retention in the competitive global arena for skilled professionals.

AI and disinformation

The influence of AI introduces a dual-edged sword for organisations, offering unprecedented opportunities and potential pitfalls, with disinformation emerging as a significant concern. As technologies advance in generative AI, including text generators, deepfakes, and sophisticated algorithms, malicious actors find increasingly potent tools to fabricate and disseminate misleading information on an unprecedented scale.

Subscriptions to AI generators for text, video, imagery, audio, and coding can now cost as little as US$125 per month. The ease of access to AI advancements has also incentivised bad actors to use AI tools for fraudulent purposes.

Generative AI programmes, such as VALL-E and Midjourney, can be maliciously used to clone vocal patterns, create audio files, and fabricate images. When these AI tools are deployed to mimic human-generated content seamlessly, it often blurs the line between authentic and artificial, with few able to distinguish deepfake videos from authentic content.

In 2019, scammers used an AI-generated voice clip of an energy group CEO to direct the CEO of its UK subsidiary to release over US$330,000 to a fictitious Hungarian supplier. This trend is supported by a survey by Regula, revealing that 37% of organisations globally have experienced some kind of AI-generated identity fraud.

Consequences of being misled

While financial decisions benefit from advanced assessment tools, risk management professionals encounter hurdles in battling information gaps against verified intelligence in emerging markets, especially when it affects their business traveler’s safety.

Prioritising leaders' safety during business expansion is vital. Disinformation can lead to miscalculated risks, impacting travel policies and safety support plans. In 2023, an Australian project team of specialist engineers faced armed robbery at their accommodation during an overseas government project in a Pacific island, resulting in injuries, loss of valuables, and eventual repatriation.

The incident eroded confidence in the employee support system, causing significant project delays as professionals demanded a proper risk assessment along with enhanced safeguards and a robust support plan before deployment. This incident ultimately damaged the vendor’s reputation and their client relationships. A robust risk management plan must identify foreign business risks, ensuring secure accommodation, appropriate transportation, and comprehensive response plans.

The absence of precise information hampers educating business travelers on risk management, compelling hasty reactions and heightening exposure. Downplaying risks neglects employee protection, risking health and safety. Misguided corporate decisions fueled by disinformation can impact finances and disrupt continuity. Access to validated multi-modal intelligence from industry experts, considering benchmarks and organisational nuances, prevents generic risk controls.

The challenge of AI-led disinformation

Organisations may struggle to sieve out accurate information due to the vast amount of AI-generated disinformation content, and with the help of deep machine learning, the technology’s advancements might continuously evolve to be ahead of the development of risk controls.

Falsehoods are also more likely to spread farther, faster and deeper than true information. False news reports are 70% more likely to be retweeted than true news stories and reach a viewership of 1,500 people six times faster. This results in disinformation from AI blending in through the normal, spontaneous action of social media users in retweeting and sharing posts, according to a study by the Massachusetts Institute of Technology (MIT) Media Lab in 2019.

In November 2022, many news outlets rushed to report and propagate the initial news alert by the Associated Press (AP) that Russian missiles have crossed into NATO member Poland, killing two people. Shockwaves on a potential global conflict reverberated across the world before the reported news was corrected by AP. However, by then, several news outlets and social media have picked the inaccurate news and repeated it on their own platforms. Prioritising accuracy over speed is crucial in business, but the pressure to react quickly often hinders organisations from allocating sufficient time to verify the authenticity of the shared content.

How to do it

Detecting AI-generated disinformation demands constant vigilance and a multimodal monitoring system. The initial layer, often automated AI, manages the sheer volume across social media and news platforms, scanning, aggregating, and flagging suspicious content.

The second layer involves human analysts investigating and analysing flagged content against verified sources. Sources like national newspapers and industry experts often act to corroborate and validate the authenticity of potential malicious content.

Cultivating a critical culture among employees and training them in tools such as Google's Reverse Image Search, is the next crucial step. Responsible AI integration safeguards against deception, requiring organisations to fortify defenses with a three-pronged comprehensive plan consisting of a robust monitoring system, a critical thinking culture among its people, and partnerships with verified intelligence sources and industrial experts.

For organisations initiating this risk management journey, focus on identifying vulnerabilities in current work systems. Begin by assessing critical assets with monetary value, adopting the perspective of potential perpetrators.

Malicious actors often exploit vulnerabilities to seek high financial gain with minimal efforts, whether through holding valuable data for ransom, threatening reputational damage or committing identity fraud targeting payment systems.