For the past few years, we’ve watched how cultural and societal movements that originate and gain momentum in cyberspace can spill over into the real world, with real consequences for organizations.
The pandemic has accelerated the process after lockdowns around the world evaporated in-person social activities and skyrocketed screen time — creating a captive audience of billions for online influencers.
Digital advertising budgets are now reaching all-time highs, outpacing traditional channels. New apps and algorithms are being created every day to hyper-personalize and target content. Social media platforms have become even more influential, even as people have become savvier about using them and more skeptical about the information shared there.
We’re blurring the lines between physical and digital, and the effects are playing out today in some startling ways. Earlier this year a critical mass of retail investors targeted the over-shorted stock of GameStop, a fixture in malls everywhere a decade ago. The group had come together via the social media service Reddit, in a subgroup called WallStreetBets.
The movement turned into an economic and cultural frenzy. The stock soared from $20 to almost $500 at one point. Major hedge funds with bearish positions experienced losses in the billions. Retail investment app companies took the astonishing step of restricting trading of the stock.
The WallStreetBets subgroup has since swelled from 2 million to more almost 10 million members —essentially becoming a crowdsourced hedge fund with potentially billions in assets of its own.
The GameStop spectacle began just weeks after thousands of rioters stormed the U.S. Capitol, having used apps like Twitter, Parler and Facebook to build momentum, organize and coordinate their activities.
So far in 2021, we’ve seen massive transfers of wealth, political theater with life-altering consequences, and online activism spilling into the streets worldwide.
I first learned about the power of crowdsourcing and online influence in the late 1990s when the Sri Lankan Tamil Tigers organization used the power of the web to coordinate a physical, real-world attack against websites owned by the Sri Lankan government. At an appointed time, all the group’s members and supporters around the world logged onto specific sites, crashing them.
This weaponization of the internet was groundbreaking at the time and an early instance of what would become a recurring theme of cyber disruption in the decades to come.
In the security industry, we usually talk about the proliferation of applications as an expanding technology footprint that can be targeted for cyberattacks. But to truly secure an organization in this environment, we have to be thinking beyond that.
It would be hard to overstate the massive influence wielded today via the ever-expanding number of social platforms. These services provide anyone with the ability to build an enormous audience, sometimes overnight. One TV pundit’s brother recently gained nearly half a million followers on Twitter after a memorable tweet. More than 1.2 million people are following the daughter of a former White House aide on TikTok.
When you have that kind of a crowd, and an app that allows you to speak to everyone at once, you can weaponize it pretty quickly. The larger the audience and the greater an influencer’s reach, the faster these things can happen and the more dramatic the risk can become. And if multibillion-dollar hedge funds can be targeted — companies whose entire business model is built on calculating risks — then anyone can.
This idea of unseen risks caused by online influence is only going to become more critical as the advertising industry becomes hyper-personalized and much more sophisticated in its use of data. The infrastructure for this movement is being built on HTTP: trackers, cookies, referrals.
As more services and assets move online — as more things are SaaS-ified — our hybrid lives will create surprising loopholes in the real world that may have consequences for individuals, organizations and institutions.
And when influence can target you specifically in this new app economy, with a deep knowledge of who you are, we’re going to see more of these crowdsourced movements and new types of attacks and fraud that go well beyond clicks and credentials.