Learn

January 22, 2025

5 Minute Read

What Is Disinformation Security?

By Joe Hertvik

Whether you call it misinformation, malinformation, or fake news, everyone instinctively knows what disinformation is and understands how it can disrupt and destroy personal or organizational wellbeing.

Let’s take a deeper look at disinformation and how it’s creating an emerging technology category called disinformation security that aims to counter disinformation threats.

What is disinformation?

According to the Cybersecurity and Infrastructure Security Agency (CISA), disinformation is inauthentic content that takes three forms (PDF):

Misinformation: False information that is communicated and spread, regardless of its intent to deceive. Misinformation misleads.
Disinformation: False information that is intentionally crafted and spread to deceive. Disinformation deceives.
Malinformation: Factual information that is taken out of context and presented to cause harm. Malinformation sabotages.

Even though it encompasses three forms, inauthentic content is commonly referred to as “disinformation”.

(Image source: CISA PDF.)

Types of disinformation

The table below outlines several types of disinformation. Each type hurts people and organizations in different ways — spreading false stories, ruining reputations, enabling criminal activity, prompting cyberattacks, stealing money, impersonating trusted entities, and more.

Disinformation Type	How It Works
Cheapfakes	Authentic (real) video and audio clips are slowed down, sped up, or shown out of context.
Deepfakes	Inauthentic (false) video and audio clips are generated to deceive. Audio deepfakes simulate other people’s voices. Video deepfakes feature recognizable faces and full-body video of people, places, and things.
Forgeries	Forged artifacts use faked certificates, logos, social media posts, and other material for malicious purposes. Frequently posted alongside authentic content, forgeries may be promoted as “leaked” material to appear more credible.
Phishing, Vishing, and Smishing	Techniques to trick or lure users into disclosing sensitive, confidential, or personal information. Phishing uses proxy (fake) websites and deceptive email to get users to disclose information. Vishing uses voicemails or phone calls to trick users into information disclosure. Smishing uses fraudulent text messages to collect user information.
Proxy websites	Fronts for malicious actors, proxy websites launder disinformation about high visibility events and inauthentic content, to deceive or take advantage of unsuspecting visitors. They may impersonate legitimate sites with URLs containing minor changes to popular web site names (ex.: providing a URL of sp1unk.com to trick users into thinking they are accessing splunk.com).

Disinformation vs. cyberattacks: what’s the difference?

There is some overlap between disinformation and cyberattacks, but they represent two different security threats.

Cyberattacks hack and target computer infrastructure — these attacks are digital by nature.

Disinformation campaigns target our biases, psychological vulnerabilities, critical thinking skills, and confidential knowledge to do several things, including:

Steal critical confidential information including financial information, login credentials, and personally identifiable information (PII).
Influence and change individual behaviors regarding thoughts, opinions, and beliefs.
Galvanize individuals, groups, communities, governments, and societies to disrupt their harmony and to target perceived enemies.
Impersonate individuals and organizations to cast aspersion, damage reputations, and cause financial, ethical, or legal issues.

With increased artificial intelligence usage, disinformation campaigns are expected to grow in frequency and sophistication — making them more effective and dangerous.

What is Disinformation Security?

An emerging technology category called disinformation security aims to counter and mitigate disinformation threats. One of Gartner’s 2025 Top 10 Strategic Technology Trends, disinformation security is designed to help identify what can be trusted. Disinformation security has three goals:

Create systems that ensure accurate information.
Verify authenticity and prevent impersonation.
Monitor the spread of harmful content.

These goals are designed to help organizations and individuals avoid being misled, manipulated, or harmed by disinformation.

Areas of disinformation security

Gartner identifies these core detection, prevention, and protection areas for disinformation security.

Deepfake detection includes GenAI and digital forensic technologies that discern legitimate (real) content from inauthentic (artificial) content.
Impersonation protection: Holistically evaluating behavior to validate authentic actions and to provide assurance of the integrity and origin of any content.
Reputation protection: Stopping bad actors from targeting an organization by tracking their operations, influence, and infrastructure.

By 2028, Gartner estimates that 50% of all enterprises will adopt products, services, or features that specifically address disinformation use cases. That’s up from less than 5% of organizations that adopted these products in 2024.

Solutions for Disinformation Security: technology, people, and processes

Unfortunately, there is no overarching suite of innovative technologies that by themselves will stop or mitigate all disinformation campaigns. Current technologies and services that may be able to identify and counter disinformation include:

Bot protection: Mitigation and management techniques to identify, prevent, and block bot attacks, such as man-in-the-middle attacks, phishing, and account takeovers.
Deepfake detection solutions: Detect modification and alteration to images, video, and audio by using forensic analysis tools; blockchain analysis; digital watermarking; and more.
Fact checkers: Identify, extract, and assess the truth of claims presented in textual content.
Identity verification: Protection against identity impersonation using deepfakes, synthetic media and other attempts to bypass identity and access management (IAM) systems.
Phishing detection: Identifying and detecting sophisticated phishing attacks in email and other mediums.

A technology and systems-based approach can help prevent disinformation attacks, particularly when paired with Gen AI, digital forensic techniques, and other detection and response methods.

However, technology alone is not enough to ensure disinformation security. Your approach should also be paired with organizational and individual responses to disinformation attacks, including:

Disinformation awareness training

Educating users on how to spot, avoid, and respond to disinformation campaigns. CISA estimates that 90% of successful cyberattacks start with a phishing email.

Elevating disinformation awareness — especially among the most vulnerable populations — can significantly cut down on successful disinformation attacks.

Cross-functional protection

Aligning technology, people, and processes from across the organization to reduce, spot, and respond to potential and successful disinformation attacks. Organization-wide disinformation response teams can include executives, enterprise security, marketing, financing, public relations, human resources, legal counsel, and more.

Just as organizations create disaster recovery plans for business outages, you could create a separate response/security plan for a disinformation crisis. Planned cross-functional response plans can help prevent disinformation from damaging organizations.

The disinformation arms race

Like disinformation campaigns themselves, the effectiveness of disinformation security technology, people, and processes will only increase with artificial intelligence techniques. Disinformation security vendors and users will be continually modifying their defenses while disinformation providers will continue to refine their campaign tactics.

And both disinformation offense and defense will occur at AI speed. The disinformation arms race has intensified.

See an error or have a suggestion? Please let us know by emailing ssg-blogs@splunk.com.

This posting does not necessarily represent Splunk's position, strategies or opinion.

Joe Hertvik

Joe Hertvik owns Hertvik & Associates, an IT infrastructure and marketing management consultancy. Joe provides contract services for IT environments including project management, data center, network, infrastructure and IBM i management. His company also provides marketing, content strategy and content production services for B2B IT industry companies. Joe has produced over 1,000 articles and IT-related content for various publications and tech companies over the last 15 years. Joe can be reached via email at joe@joehertvik.com and on LinkedIn.

Learn 4 Min Read

Observability-Driven Development Explained: 8 Steps for ODD Success

Learn about observability-driven development (ODD) and its benefits for modern software systems. Implement proactive practices for enhanced performance.

Learn 6 Min Read

Active vs. Passive Monitoring: What’s The Difference?

Active and passive monitoring: which one is for you? Let’s look at the two methods, along with their use cases, data volumes, and control over the data.

Learn 9 Min Read

Disaster Recovery Planning: Getting Started

In this post, we'll discuss a framework and steps for creating a disaster recovery plan, so you can stay resilient over the long-term.

About Splunk

The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.

Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.

Learn more about Splunk