Exclusive: The rise of disinformation and corporate risk

Early last year, as the world was closing down from the COVID-19 pandemic, India’s Ministry of Tourism issued an order declaring that hotels and resorts across the country would be shuttered until 15 October 2020. It caught the lodging industry by surprise. But the order was bogus.

In 2018, a Georgia (US) Starbucks store shut down after a barista posted about how she had contaminated customer food and drinks. That, too, was false.

Nike found itself under scrutiny in 2016 when a Facebook meme claimed that the athletic company used elephant hide in manufacturing its sneakers. Again, unfounded.

And earlier this year, images of a Coke can with the words “Try to Be Less White” made the rounds on the Internet and social media. Coca Cola said the image was a fake.

Four industries—lodging, retail, athletic wear and food and beverage—and four cases of disinformation disrupting business. In fact, activists, profit-seekers, conspiracy theorists and just plain trolls have targeted and continue to target every corporate vertical and companies find themselves scrambling to disprove claims that range from the plausible to the ludicrous. In any case, misinformation, disinformation (intentional misinformation) and conspiracy theories constitute an increasing threat to businesses from sole proprietors to corporate behemoths. The threat is as old as the first jealous business competitor or aggrieved consumer. Yet the ubiquity of cell phone cameras and high speed wifi, as well as the viral nature of social media and the Internet, creates a far greater threat to brand and reputation than ever before.

Extent of the problem

In Kroll’s latest report on fraud and risk (2019-2020), which surveyed 588 risk management executives at global organisations, 27% of respondents said that “adversarial social media activity” had significantly affected them in the last year. Adversarial social media activity ranked sixth among ten enumerated security concerns, with 64% of respondents identifying it as a priority risk. It ranked above traditional security issues such as bribery, corruption, money laundering and counterfeiting.

Drawing battle lines

Security executives interviewed for this story confirmed that they are involved in their companies’ ongoing war against misinformation, disinformation, rumour, innuendo and conspiracy theories. Some of the major battles today involve demonization of COVID-19 vaccination efforts as ploys to track citizens, make them infertile, or overwrite their DNA. Many are more benign in intent, CSOs say, but can yield the same result. An unfounded fear of severe COVID side effects, for example, could do as much harm to corporate health and safety as a well-funded misinformation campaign.

The role of E-commerce

E-commerce may also be unwittingly funding disinformation. A recent article by the Brookings Institution contends that the sales of such items as t-shirts and books may be surreptitiously funding the hate and conspiracy communities. Author Patrick Jones says that while sites have scrubbed obvious items such as QAnon-emblazoned wear, clever marketers are sneaking through what appear to be unobjectionable messages and conflating them with conspiratorial totems or shibboleths. For example, according to Jones, QAnon sellers use “#savethechildren” or “saveourchildren” on clothing, decals, cups and other items as a sly reference to their belief that high-ranking Democrats and celebrities traffic children. Figuring out whether a seller is involved with QAnon or is simply decrying the general practice of child trafficking, is difficult.

But the process is more nefarious than just deceiving the shopper. E-commerce algorithms recommend products based on items previously viewed or purchased, so someone buying a seemingly benign item might receive suggestions for darker content. Social media influencers often unwittingly spread these suggestions, as do algorithms on other sites and platforms.

Fake press releases

Fake press releases constitute another front in the disinformation threat to corporations. This past April Fool’s Day, a press release bearing the letterhead of Portuguese oil company Galp pledged to cease operations in northern Mozambique for the sake of embracing a “100% renewable future.” It said the company would pay local communities for the disruption it had caused and would create thousands of “new decent jobs against the Galp world.” Whether the timing was intended or not, Galp issued no such release, nor did it intend to pull up stakes on its Mozambique operations, pay restitution to communities, or create new jobs.

Last year, the Grand Hyatt in Seattle purportedly issued a press release saying that it would offer its hotel to shelter the homeless from the dense smoke pervading the area from nearby wildfires. Protesters gathered around the hotel as a result of the ruse, putting the Hyatt in a precarious position as some activists clamoured against the supposed decision while others scolded the hotel for not protecting the homeless when the deception was cleared up.

Jokes and humour

Jokes and political humour can also be misinterpreted and damage brand value. While there is no indication so far that Hobby Lobby craft stores suffered any harm, this past July a meme that accompanied the chain’s logo declared that Hobby Lobby would serve Christian customers only. Coming on the heels of a newspaper advertisement it had placed that endorsed a Christian-led government, the meme didn’t appear far-fetched to all observers.

Sometimes it’s difficult to distinguish satire from slander. About a decade ago, McDonald’s had to discredit rumours that it could legally claim that its hamburgers were 100% beef only because the fast food company purchased its meat from a company called “100% Beef.” These sorts of pranks, memes and tongue-in-cheek attacks bedevil brand names such as McDonald’s, Coke and Disney.

Fighting back against disinformation

In such an asynchronous environment where threat vectors are diverse and adversaries can come from anywhere, defending your organisation requires vigilance and savvy. A previous article of mine that ISJ published earlier this year discussed the benefits and pitfalls of monitoring staff social media accounts. But other strategies exist.

As with all security issues, thwarting disinformation starts with a risk assessment. At minimum, that analysis should delve into likely adversaries, controversial or hot-button issues related to the organisation, company services or products, geographic presence, reputation and branding aspects and social, political and religious stances taken by the organisation. The assessment should take into account factors such as industry, location, size, influence, corporate leadership and so on.

Some companies have created disinformation ambassadors to address concerns of both staff and outsiders. For example, some construction companies have teams that work with local communities in their own languages or dialects to discuss COVID-19, vaccination and mask policies. Many companies have stood up consumer-affairs departments to keep in close communication with customers and receive early warning of rumours or pending negative publicity. Brand names such as Starbucks, Coca Cola and Disney have histories of battling disinformation that long precede the digital age and use the power of their strong brands to extinguish rumours. For example, Coke refuted claims that Dasani water was infested by parasites in a widely disseminated statement.

Of course, once a rumour emerges it may be too late. When E-commerce merchant Wayfair faced accusations that it was trafficking girls in the high-end cabinets it sold, users bombarded the CEO with hateful messages, tried to short Wayfair stock and doxed employees. So companies should prepare a strategy in advance, along with specific communication channels, messages and responses. Yet companies should keep in mind that responding to a rumour might just as likely squelch the accusation as ignite it, resulting in more negative exposure for the company.

Many organisations monitor social media and the internet for mentions of their name or names of their executives. Specialty firms exist that scan these sites, prowl the dark web and otherwise mine for negative or troubling messages that might affect or relate to their company. Some services develop reports, newsletters, or updates for their clients documenting such information and identifying trends that could eventually cause problems.

Brand attacks have a long track record predating the internet, television and even the printed word. The Internet Age makes disinformation a more pernicious and powerful threat than ever before and requires a dedicated effort to manage that risk.

By Michael Gips, JD, CPP, CSyP

Michael Gips is the principal of Global Insights in Professional Security, a firm that provides strategic advice, content, brand awareness and business development services for corporate security executives, security firms, academic institutions and association. A frequent presenter, Mike has published more than 1,000 articles on a broad range of security and risk issues.

You can connect with Michael on LinkedIn here