This is the second in a series of blog posts about cybersecurity to mark Cybersecurity Awareness Month in October.

The 2022 Threat Landscape Report published by the European Union Agency for Cybersecurity (ENISA) highlights the spread of disinformation as one of the top eight cybersecurity threats. The U.S. Agency for International Development (USAID)’s Disinformation Primer defines disinformation as information that is shared with the intent to mislead people. As the world becomes more digitally connected and as digital technologies become more integrated into different aspects of daily life, it is important to understand the impact of digital disinformation. For example:

• Disinformation can cause people to stop trusting the institutions and systems that assist them in exercising their fundamental human rights.
• Citizens who do not trust their electoral systems will be deterred from exercising their right to vote.
• Business owners who are hesitant to use digital technologies will find it harder to earn a good income.

Increasing the ability of individual citizens to identify and counter disinformation allows them to participate more safely and confidently in civic, political, and economic life. When people understand how to keep themselves safe online—such as identifying false news outlets and not engaging in phishing or scams emails—then they have the knowledge and ability to control how they interact with the technology they use to achieve their goals.

Political Challenges: Addressing Vulnerabilities in Cyberspace During Elections in Indonesia

Elections can be a tumultuous time of political transition, especially during the campaign stages leading up to voting day which is particularly vulnerable to the spread of political disinformation on social media and cyber attacks on election infrastructure. During the 2019 elections in Indonesia, digitally altered images of then-Presidential candidate Joko Widodo spread throughout social media, accompanied by hoaxes from illegitimate newspapers claiming that he made deals with China for ownership over Java and Sumatra. Indonesia’s State Intelligence Agency reported that in 2019 more than 60 percent of social media content on Twitter, WhatsApp, and Facebook contained hoaxes. In addition, cyber attacks targeting election institutions shut down Indonesia’s official elections websites, which contributed to an enabling environment for citizens to begin doubting the integrity, transparency, and capacity of their governing institutions. Demonstrating the power and reach of the emerging “disinformation-as-a-service (DaaS)” industry in promoting cyber information warfare, national and international companies, political candidates, criminal organizations and other geopolitical actors have hired cyber trolls known as “buzzers”—including during the 2019 general election—to sway public opinion, contribute to political destabilization, and provoke civic unrest.

In this digital age, cybersecurity literacy is necessary to help people more safely and effectively participate in democratic electoral processes. People who can identify proxy websites and fake accounts on social media will have the knowledge and awareness to question whether the information shared is from a legitimate source or not, instead of being easily swayed to change their political beliefs based on false news stories or digitally altered images. Public servants who have the skills to detect cyber risks can take measures to address and prevent cyber attacks on digital systems like election websites. Indonesia has been taking significant action to address these challenges. The National Cyber and Crypto Agency has worked with election institutions to form cybersecurity units and computer security incident response teams (CSIRTs) dedicated to addressing and preventing cyber threats to election data systems. Public servants working in elections institutions are regularly trained on best practices to identify, respond to, and prevent cyber attacks, including conducting simulation exercises. At the same time, reputable civil society groups such as MAFINDO and Cek Facta serve as important bulwarks against the spread of disinformation by actively monitoring, de-bunking, and pre-bunking hoaxes on social media. This includes posting information for the public to be aware of popular false narratives being spread and sharing links to accurate information from official news outlets. For a deeper dive into best practices on cybersecurity in elections, DAI and IFES under the USAID Digital Frontiers activity published a primer on Cybersecurity and Elections and additional supporting resources.

Photo: Plantix, Bangladesh.

Economic Challenges: Building the Cyber Literacy and Digital Resilience of Small Businesses

Micro, small, and medium enterprises (MSMEs) make up 90 percent of global businesses, fueling the economies of countries in regions such as Southeast Asia, where economic growth is expected to reach $1 trillion by 2030. Digital technologies are becoming more integrated into the global economy, particularly for MSME owners using chat applications and social media to engage more customers. Highlighted in DAI’s Insights Paper published earlier this year, MSMEs across Cambodia, India, and Kenya reported being impacted by disinformation, scams, fraud, and account hacking. Business owners said that hateful comments posted on social media with inaccurate claims about their products caused financial losses and reputational damage. Others reported that they have gotten their accounts hacked through phishing scams, which misleads users to provide sensitive information for malicious actors to gain access to their accounts used for advertising products and communicating with customers. In response to these challenges, business owners lose trust in using digital tools and platforms, which impacts their ability to make a sustainable income and isolates them from participating in an increasingly digitalized global economy.

Digital literacy upskilling for MSMEs should include cybersecurity education. For MSMEs to remain resilient in a rapidly digitalizing economy, business owners must be empowered with the knowledge and skills to safely utilize the digital tools necessary for their operations. Respondents from DAI’s field interviews emphasized the critical need for further training, education, and capacity building for business owners to identify and address disinformation, prevent them from falling victim to scams, and keep their accounts safe online. Respondents also indicated that current development efforts to counter disinformation may also be limited to governance or media-based themes and there is a need to apply these efforts for MSMEs where disinformation is targeted at businesses and customers. Most importantly, these education and awareness efforts should be accessible, which include simplifying complex cyber concepts into easily digestible pieces of information and tailoring resources to local languages.

Advocating for Cybersecurity Literacy through a Rights-Based and People-First Approach

It is important to normalize the idea that someone does not need to be a cybersecurity expert to be cyber literate. Anyone who uses digital devices is at risk of cyber attacks, ranging from attacks that lock users out of their email and steal their data, to encountering digitally altered data disguised as legitimate information to sway their opinion. Organizations such as small businesses or government institutions are more at risk of cyber attacks when the people within these organizations do not know how to identify cyber threats or take action to address them. People are at the heart of cyber actions, responses, and behaviors. To advance digital resilience, development initiatives must not overlook the need to invest in making cybersecurity easy to learn for civil society, election officials, small business owners, and other key stakeholders. Cybersecurity literacy will empower people to achieve their goals and exercise their rights when they how to respond to and use the technologies they interact with in everyday life.