January 10, 2024
InsightsWeaponization of Information: Lessons Learned in 2023 and What to Expect in 2024
As we say goodbye to 2023 and look ahead to 2024, it’s clear that organizations are facing more risks online than ever before. In 2023, we saw countless examples of disinformation, misinformation, and social media manipulation becoming breaking news stories—including the collapse of Silicon Valley Bank, the Pentagon explosion hoax, allegations surrounding the Maui wildfires, and the Israel-Hamas war. The information environment forced organizations to navigate time-sensitive crisis situations involving weaponized and manipulated information.
When talking with our customers, we’ve found that traditional methods of monitoring mainstream platforms through social listening tools are no longer sufficient in helping enterprise decision makers understand their vulnerabilities.
You have to proactively defend your organization across multiple dimensions. Weaponized information targets your brand, customers, employees, and investors by creating risk brand, security, regulatory, and business continuity risk. In 2023, more platforms emerged and more actors adopted these tactics, creating more exposure for organizations. To mitigate this threat, your team needs tools that can rapidly identify attacks and help guide the organization through proactive risk mitigation. As organizations build out their crisis management capabilities for 2024, its important to understand how the information space changed in 2023, how threats continue to evolve, and what will impact you going forward.
If the state of social media platforms seems chaotic, unpredictable, and conflicting– that’s because it is. 2023 saw major layoffs across the tech industry, including at social media giants like X (formerly Twitter), Meta, and YouTube. As the companies shed jobs, many teams responsible for content moderation— i.e. combatting mis and disinformation—were critically reduced in size. With less capacity to proactively identify nefarious activity, companies and individuals have higher risk profiles.
New platforms also emerged and gained traction in 2023, particularly federated platforms, especially Mastodon and Bluesky. Federated platforms offer a more personalized social media experience, allowing users to join servers based on their interests and location, and creates another set of platforms for users to post content and for risks to emerge. Trust and safety responsibilities are delegated to the admin of the server, decentralizing responsibility.
Without a standardized set of “rules for the internet,” it’s critical that organizations have the tools and knowledge to navigate new and dynamic social media ecosystems. To navigate a variety of nuanced, and often unknown, risks, you need to understand where your stakeholders are getting their information, what platforms they’re using and how they may be targeted, and how that activity impacts your business.
As we enter 2024, the packed election calendar, meteoric rise of generative AI, increased foreign influence attempts, and emergence of new threat vectors have us wary. Issues that could have been ignored in the past now stand to directly impact companies’ customer bases, supply chains, employees, and brand and reputation. Knowing when to speak up, when to stay silent, and when to bring others into the fold will go a long way in addressing challenges before they become crises. Here’s what Alethea is tracking in 2024 and why we strongly believe that investing in the right tools and solutions will save you time, money, and resources:
Although election season kicked off well before January, expect the intensity to be turbocharged in 2024. In the past, we’ve observed the targeting of individuals and companies that have associated themselves with candidates, parties, or the elections more broadly through offline meetings, protests, and boycotts—and we expect that to continue in 2024.
The challenge to navigating politics and election cycles is finding a balance between staying true to your organization’s ethos while not becoming a target of conspiracy groups and other foreign and domestic threat actors. Organizations will face both internal and external pressure, with employees and customers expecting them to stand up, speak out, and advocate for the people and issues that matter to them. To do so, you’ll need intelligence tools that empower you to navigate sensitive, hot-button issues by helping you understand your workforce, where your consumers and employees are getting their information, and how they will react to different types of corporate activity. Success will improve precision of crisis management playbooks, accelerate enterprise decision makers through these sticky situations, and build trust in leadership.
2023 was a giant leap for AI and we anticipate a substantial increase in bad actors using generative AI technologies to conduct disinformation campaigns. AI will enable these actors to enhance both the volume and sophistication of their operations, making it even more difficult for leaders to be proactive and nimble. Driven by AI and machine learning (ML), Artemis leverages unique data sources across the open web to provide decision makers with a comprehensive understanding of the unknown risks impacting their customers, shareholders, and employees. We have entered an era where, to stay competitive from a threat intelligence perspective, every organization and company with an online presence needs to invest in AI-driven systems that can detect threats at scale.
During the last year, state actors evolved their tactics and engaged in new lines of influence efforts, including the targeting of private sector entities. We identified the first instance of Spamouflage Dragon, a persistent campaign linked to the Chinese government, appearing on the U.S. alt-platform Gab. Within that network, Alethea detected activity intended to weaken public support for expanding rare earth mining in the U.S.—a strategic issue for both countries given China’s near monopoly on the supply of rare-earths—a critical component of both consumer electronics and military technologies. The targeting of companies or entities that Beijing perceives as challenging China’s global market dominance in a specific industry is a common Spamouflage tactic, and a threat that private sector entities need to take seriously.
We expect heightened efforts to run influence operations against key stakeholders, target perceived enemies—both in the public and private sector—and to sow discord in strategic domains like the U.S. economy and democratic institutions.
Falsified AI-generated content, misleading narratives, or information taken out of context impacted financial markets and shareholder value. During the Silicon Valley Bank crisis in March, Alethea detected influential conspiracy communities promoting misleading narratives that furthered the panic that ultimately led to the bank’s collapse and contributed to uncertainty around the broader U.S. financial system. In May, a viral AI-generated image that depicted an explosion near the Pentagon briefly sent stocks lower in possibly the first instance of an AI-generated image actually moving the market. Alethea found that the false narrative likely gained traction in part due to a conspiratorial pro-Russia account on X that was promoting the explosion and looking to influence our financial system. According to the World Economic Forum, on average more than 25 percent of a company’s market value is directly attributable to its reputation, confirming that corporate reputation has an appreciable impact on a company’s bottom line. Threats that impact reputation, and therefore market and shareholder value, are the new norm. But the warning signs exist—you just need to know where and how to look.
The current digital landscape is becoming harder to navigate. As we head into 2024, decision makers across all functions—communications, legal, physical security, and cyber—need to revisit their playbook for crisis management.
The key to effective crisis management lies in advanced threat detection systems that provide insights into the vulnerabilities of key assets like customer loyalty, employee safety, or brand and reputation. This means monitoring across the open web to triage threats before they materialize and guide response actions in time to prevent damage and loss. When making the case to leadership you need tools that cover a variety of threat vectors and can be tailored to the specific needs of different stakeholders within an organization. As these threats persist and continue to evolve, the scope of protection must evolve as well. Investing in advanced threat detection and response capabilities has become a strategic imperative for the C-suite to protect brand, revenue, and access to current and new markets. Leaders have a choice: implement these kinds of tools to augment their risk mitigation efforts, or fall behind.
