WhatsApp - Three New Security Features

Introduction

In an era when misinformation spreads like wildfire across the digital landscape, the need for effective strategies to counteract these challenges has grown exponentially in a very short period. Prebunking and Debunking are two approaches for countering the growing spread of misinformation online. Prebunking empowers individuals by teaching them to discern between true and false information and acts as a protective layer that comes into play even before people encounter malicious content. Debunking is the correction of false or misleading claims after exposure, aiming to undo or reverse the effects of a particular piece of misinformation. Debunking includes methods such as fact-checking, algorithmic correction on a platform, social correction by an individual or group of online peers, or fact-checking reports by expert organisations or journalists. An integrated approach which involves both strategies can be effective in countering the rapid spread of misinformation online.

Brief Analysis of Prebunking 

Prebunking is a proactive practice that seeks to rebut erroneous information before it spreads. The goal is to train people to critically analyse information and develop ‘cognitive immunity’ so that they are less likely to be misled when they do encounter misinformation. 

The Prebunking approach, grounded in Inoculation theory, teaches people to recognise, analyse and avoid manipulation and misleading content so that they build resilience against the same. Inoculation theory, a social psychology framework, suggests that pre-emptively conferring psychological resistance against malicious persuasion attempts can reduce susceptibility to misinformation across cultures. As the term suggests, the MO is to help the mind in the present develop resistance to influence that it may encounter in the future. Just as medical vaccines or inoculations help the body build resistance to future infections by administering weakened doses of the harm agent, inoculation theory seeks to teach people fact from fiction through exposure to examples of weak, dichotomous arguments, manipulation tactics like emotionally charged language, case studies that draw parallels between truths and distortions, and so on. In showing people the difference, inoculation theory teaches them to be on the lookout for misinformation and manipulation even, or especially, when they least expect it. 

The core difference between Prebunking and Debunking is that while the former is preventative and seeks to provide a broad-spectrum cover against misinformation, the latter is reactive and focuses on specific instances of misinformation. While Debunking is closely tied to fact-checking, Prebunking is tied to a wider range of specific interventions, some of which increase motivation to be vigilant against misinformation and others increase the ability to engage in vigilance with success.

There is much to be said in favour of the Prebunking approach because these interventions build the capacity to identify misinformation and recognise red flags However, their success in practice may vary. It might be difficult to scale up Prebunking efforts and ensure their reach to a larger audience. Sustainability is critical in ensuring that Prebunking measures maintain their impact over time. Continuous reinforcement and reminders may be required to ensure that individuals retain the skills and information they gained from the Prebunking training activities. Misinformation tactics and strategies are always evolving, so it is critical that Prebunking interventions are also flexible and agile and respond promptly to developing challenges. This may be easier said than done, but with new misinformation and cyber threats developing frequently, it is a challenge that has to be addressed for Prebunking to be a successful long-term solution. 

Encouraging people to be actively cautious while interacting with information, acquire critical thinking abilities, and reject the effect of misinformation requires a significant behavioural change over a relatively short period of time. Overcoming ingrained habits and prejudices, and countering a natural reluctance to change is no mean feat. Developing a widespread culture of information literacy requires years of social conditioning and unlearning and may pose a significant challenge to the effectiveness of Prebunking interventions. 

Brief Analysis of Debunking 

Debunking is a technique for identifying and informing people that certain news items or information are incorrect or misleading. It seeks to lessen the impact of misinformation that has already spread. The most popular kind of Debunking occurs through collaboration between fact-checking organisations and social media businesses. Journalists or other fact-checkers discover inaccurate or misleading material, and social media platforms flag or label it. Debunking is an important strategy for curtailing the spread of misinformation and promoting accuracy in the digital information ecosystem. 

Debunking interventions are crucial in combating misinformation. However, there are certain challenges associated with the same. Debunking misinformation entails critically verifying facts and promoting corrected information. However, this is difficult owing to the rising complexity of modern tools used to generate narratives that combine truth and untruth, views and facts. These advanced approaches, which include emotional spectrum elements, deepfakes, audiovisual material, and pervasive trolling, necessitate a sophisticated reaction at all levels: technological, organisational, and cultural.

Furthermore, It is impossible to debunk all misinformation at any given time, which effectively means that it is impossible to protect everyone at all times, which means that at least some innocent netizens will fall victim to manipulation despite our best efforts.  Debunking is inherently reactive in nature, addressing misinformation after it has grown extensively. This reactionary method may be less successful than proactive strategies such as Prebunking from the perspective of total harm done. Misinformation producers operate swiftly and unexpectedly, making it difficult for fact-checkers to keep up with the rapid dissemination of erroneous or misleading information. Debunking may need continuous exposure to fact-check to prevent erroneous beliefs from forming, implying that a single Debunking may not be enough to rectify misinformation.  Debunking requires time and resources, and it is not possible to disprove every piece of misinformation that circulates at any particular moment. This constraint may cause certain misinformation to go unchecked, perhaps leading to unexpected effects. The misinformation on social media can be quickly spread and may become viral faster than Debunking pieces or articles. This leads to a situation in which misinformation spreads like a virus, while the antidote to debunked facts struggles to catch up.

Prebunking vs Debunking: Comparative Analysis

Prebunking interventions seek to educate people to recognise and reject misinformation before they are exposed to actual manipulation. Prebunking offers tactics for critical examination, lessening the individuals' susceptibility to misinformation in a variety of contexts. On the other hand, Debunking interventions involve correcting specific false claims after they have been circulated. While Debunking can address individual instances of misinformation, its impact on reducing overall reliance on misinformation may be limited by the reactive nature of the approach.

CyberPeace Policy Recommendations for Tech/Social Media Platforms

With the rising threat of online misinformation, tech/social media platforms can adopt an integrated strategy that includes both Prebunking and Debunking initiatives to be deployed and supported on all platforms to empower users to recognise the manipulative messaging through Prebunking and be aware of the accuracy of misinformation through Debunking interventions. 

1. Gamified Inoculation: Tech/social media companies can encourage gamified inoculation campaigns, which is a competence-oriented approach to Prebunking misinformation. This can be effective in helping people immunise the receiver against subsequent exposures. It can empower people to build competencies to detect misinformation through gamified interventions. 
2. Promotion of Prebunking and Debunking Campaigns through Algorithm Mechanisms: Tech/social media platforms may promote and guarantee that algorithms prioritise the distribution of Prebunking materials to users, boosting educational content that strengthens resistance to misinformation. Platform operators should incorporate algorithms that prioritise the visibility of Debunking content in order to combat the spread of erroneous information and deliver proper corrections; this can eventually address and aid in Prebunking and Debunking methods to reach a bigger or targeted audience.
3. User Empowerment to Counter Misinformation: Tech/social media platforms can design user-friendly interfaces that allow people to access Prebunking materials, quizzes, and instructional information to help them improve their critical thinking abilities. Furthermore, they can incorporate simple reporting tools for flagging misinformation, as well as links to fact-checking resources and corrections.
4. Partnership with Fact-Checking/Expert Organizations: Tech/social media platforms can facilitate Prebunking and Debunking initiatives/campaigns by collaborating with fact-checking/expert organisations and promoting such initiatives at a larger scale and ultimately fighting misinformation with joint hands initiatives.

Conclusion

The threat of online misinformation is only growing with every passing day and so, deploying effective countermeasures is essential.  Prebunking and Debunking are the two such interventions. To sum up: Prebunking interventions try to increase resilience to misinformation, proactively lowering susceptibility to erroneous or misleading information and addressing broader patterns of misinformation consumption, while Debunking is effective in correcting a particular piece of misinformation and having a targeted impact on belief in individual false claims. An integrated approach involving both the methods and joint initiatives by tech/social media platforms and expert organizations can ultimately help in fighting the rising tide of online misinformation and establishing a resilient online information landscape. 

References

1. https://mark-hurlstone.github.io/THKE.22.BJP.pdf
2. https://futurefreespeech.org/wp-content/uploads/2024/01/Empowering-Audiences-Through-%E2%80%98Prebunking-Michael-Bang-Petersen-Background-Report_formatted.pdf
3. https://newsreel.pte.hu/news/unprecedented_challenges_Debunking_disinformation
4. https://misinforeview.hks.harvard.edu/article/global-vaccination-badnews/

‍

Introduction

‍

With the advent of cloud computing, new information and asset delivery avenues have become possible, including Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. With this change, the conventional paradigm of "computer as a product" is replaced with "computing as a service," which is provided to customers via the internet by big data warehouses or the cloud. Additionally, it has brought about an essential shift in how organisations function, allowing them to access computer tools and services online instead of needing to construct and manage their IT systems. As a result, organizations are now more agile, scalable, and efficient and can react swiftly to shifting consumer demands and market situations.

The Growth of Remote and Hybrid Workspaces

‍

Hybrid and remote workplaces are becoming more popular post-pandemic era. Many businesses have used regional workplace solutions to manage a more scattered workforce. IT departments are put in a difficult position since they have to make sure that branch office staff and remote workers can access the information they require safely and dependably. VPNs and Direct Internet Access links are becoming more and more popular, thus IT professionals are coming up with innovative ways for connecting distant locations to the main office while protecting the confidentiality of information.

User Portability

‍The widespread use of mobile devices for work, along with the growing Bring Your Own Device (BYOD) culture, has significantly contributed to the rise of remote work and flexible work environments. Employees can now connect to corporate systems using either personal or company-issued devices through secure methods such as Virtual Private Networks (VPNs) or cloud-based platforms. This has made teleworking, work-from-home setups, and flexible work hours increasingly common and practical, allowing for greater productivity and work-life balance.

Growing Volume of Traffic

‍

Professionals in the modern workplace must have access to private apps stored in a data centre or a multi-cloud setup. Nevertheless, these programs might not always be easily accessible from branch offices or by remote workers and staff members might not have instant support for IT. Organizations must discover solutions to this problem so that remote workers may consistently and dependably access company resources while also making the most of their current assets. It is important to note that employees need reliable and secure ways to access their work tools from anywhere, just like they would in the office.

Battling Networking and Security Issues in a Post-Pandemic Setting

‍

While many businesses have successfully adopted a cloud-first approach for new system implementations or have deployed specific Software-as-a-Service (SaaS) solutions, many are still struggling to fully reap the benefits of moving most or all of their business software to the cloud.

‍

• Conventional IT frameworks allowed for the creation of the present company applications. Because of this, these applications are frequently inflexible and configured for fixed capacity across a limited number of data facilities. Certain organizations could lack the elements required to oversee an entire cloud migration. This could be the result of things like an affinity for on-premises systems, aversion to alteration, or a lack of experience with cloud systems. 
• Although cloud computing might be a cost-effective solution for some workloads, it might not be the best choice overall. Running certain applications in a combination of cloud services or on-premises may be more cost-effective. 
• Particularly if they are regionally distributed, workloads requiring high connection speeds or low latency may not be ideal for cloud computing.
• If a corporation lacks authority over the servers in the cloud, it may be concerned about the integrity of its data stored there. Consequently, they would rather keep it inside their data facilities.
• Firms may be restricted in their ability to migrate some types of information to the cloud by legal or compliance regulations. 

Networking and Cybersecurity Consolidation: Handling Present Risks

‍

In the past, protecting a network required establishing boundaries and keeping an eye on communication between recognized devices. However, it is now required for a network's components to work together as a cohesive system due to shifting expectations. To do this, flexible network pieces must be able to communicate with one another while also protecting workflows, apps, and payments that move across different devices. The current problem is to effortlessly combine security with network capabilities and connection so that data can flow between constantly moving devices while being inspected, encrypted, and subject to regulation.

Infrastructure and security personnel must update their methods and equipment to better meet these constraints to deliver reliable, efficient, and trustworthy access across users, apps, and regions within an enterprise. Inevitably, networking and safety will eventually merge for improved organizational alignment.

Businesses may stay ahead of the competition in attracting top people in an increasingly diverse and cost-effective workplace by integrating a virtual and physical workforce. The future of security solutions lies in consolidation and platformisation; a cloud-centric Secure Access Service Edge (SASE) the capacity offering paired with network edge capabilities like secured Software-Defined Wide Area Network (SD-WAN) can improve and automate the safety measures of the company while also cutting down on the complexity and expense of managing disparate point remedies.

Safe Networking: Moving Towards This Phenomenon and Concentration of Cybersecurity

‍

Companies relying on conventional networking models often face challenges in securing modern elements, such as cloud-based applications, remote users, mobile devices, and distributed locations, because traditional networks were not designed with these factors in mind. A robust networking strategy integrates both safety and networking into one system to get around these problems. It enhances security posture and network performance. It improves the user's experience and lessens the complexities of management. It is important to combine point product providers into a risk management platform rather than implementing safety measures one at a time. Tighter cooperation, greater efficiency, and a quicker, better-coordinated reaction to network threats are made possible by this.

SASE: A Coordinated Method

‍

Secure Access Service Edge (SASE) is a cloud-based architecture that offers security and networking solutions as needed and unites all edges into a single logical connection.

SASE drivers

‍

Conventional safety measures are ill-suited to deal with the more dispersed and complicated IT environment brought about by the advent of the Internet of Things, edge computing, and telecommuting. Using SASE, security and network services may be accessed from the cloud, eliminating the need to backhaul traffic to a single data centre for safety assessment.

‍

• Distant user traffic assessment and blind spots presented difficulties for companies.
• Full oversight over hybrid network operations is provided by SASE technology, which provides network services including FWaaS, SWG, DLP, and CASB.
• Issues around abnormal port usage and policy violations have arisen as more customers access SaaS apps from different gadgets and regions.
• SASE technology reduces the cost of hiring IT staff by combining safe access to resources from one supplier.
• SASE technology consolidates secure accessibility capabilities from one vendor, hence lowering the cost of hiring IT workers.
• One major benefit of SASE technology is its ease of administration. Even when overseeing multiple offices inside a corporate network, the IT department's job is minimized because a single cloud-based administrator manages the entire system.

Recommendations

‍

• For high-risk use cases, consider utilizing Zero Trust Network Access to supplement or replace the outdated VPN for distant users.
• Take inventory of the gear and agreements in order to progressively replace the branch and perimeter hardware on-site over a few years in favour of delivering SASE functionalities via the cloud.
• Simplify and cut expenses by grouping suppliers when VPN, CASB, and encrypted web portal agreements are up for renewal. Profit from a market that has come together and integrated these security edge services.
• Limit SASE products to a couple of partnering companies.
• Irrespective of location, integrate Zero Trust Network Access (ZTNA) and methods of authorization (such as MFA) for every client, including those in the workplace or branch.
• To meet security and regulatory requirements, select SASE products that provide you control over where inspection takes place, how traffic is directed, what is recorded, and where records are kept.

Conclusion

‍

The development of cloud technology, the rise of offsite and hybrid workplaces, and the increased challenges in communication and privacy following the pandemic highlight the necessity for a comprehensive and integrated strategy. By adopting SASE (Secure Access Service Edge), a cloud-centric framework that enables secure connectivity across diverse environments, businesses can enhance cybersecurity, streamline operations, and adapt to the evolving needs of modern workplaces. This approach ultimately contributes to a safer and more efficient future for information architecture.

References

‍

• https://www.dsci.in/files/content/knowledge-centre/2023/DSCI-Fortinet%20POV%20Paper.pdf
• https://www.datacenterknowledge.com/cloud/cloud-trends-and-cybersecurity-challenges-navigating-future
• https://banagevikas.medium.com/cybersecurity-trends-2024-navigating-the-future-10383ec10efe

Authors:

‍

Soumya Gangele (Intern - Tech & Policy), CyberPeace

Neeraj Soni (Sr. Researcher), CyberPeace

‍

Introduction

The development of high-speed broadband internet in the 90s triggered a growth in online gaming, particularly in East Asian countries like South Korea and China. This culminated in the proliferation of competitive video game genres, which had otherwise existed mostly in the form of high-score and face-to-face competitions at arcades. The online competitive gaming market has only become bigger over the years, with a separate domain for professional competition, called esports. This industry is projected to reach US$4.3 billion by 2029,  driven by advancements in gaming technology, increased viewership, multi-million dollar tournaments, professional leagues, sponsorships, and advertising revenues. However, the industry is still in its infancy and struggles with fairness and integrity issues. It can draw lessons in regulation from the traditional sports market to address these challenges for uniform global growth.

The Growth of Esports

The appeal of online gaming lies in its design innovations, social connectivity, and accessibility. Its rising popularity has culminated in online gaming competitions becoming an industry, formally organised into leagues and tournaments with reward prizes reaching up to millions of dollars. Professional teams now have coaches, analysts and psychologists supporting their players. For scale, the 2024 ESports World Cup (EWS) held in Saudi Arabia had the largest combined prize pool of over US$60 million. Such tournaments can be viewed in arenas and streamed online, and by 2025, around 322.7 million people are forecast to be occasional viewers of esports events. 

According to Statista, esports revenue is expected to demonstrate an annual growth rate (CAGR 2024-2029) of 6.59%, resulting in a projected market volume of US$5.9 billion by 2029. Esports has even been recognised in traditional sporting events, debuting as a medal sport in the Asian Games 2022. In 2024, the International Olympic Committee (IOC) announced the Olympic Esports Games, with the inaugural event set to take place in 2025 in Saudi Arabia. Hosting esports events such as the EWS is expected to boost tourism and the host country’s local economy.

The Challenges of Esports Regulation

While the esports ecosystem provides numerous opportunities for growth and partnerships, its under-regulation presents challenges. Due to the lack of a single governing body like the IOC for the Olympics or FIFA for football to lay down centralised rules, the industry faces certain challenges, such as : 

1. Integrity issues: Esports are not immune to cheating attempts. Match-fixing, using advanced software hacks, doping (e.g., Adderall use), and the use of other illegal aids are common.  DOTA, Counter-Strike, and Overwatch tournaments are particularly susceptible to cheating scandals. 
2. Players’ Rights: The teams that contractually own professional players provide remuneration and exercise significant control over athletes, who face issues like overwork, a short-lived career, stress, the absence of collective bargaining forums, instability, etc. 
3. Fragmented National Regulations: While multiple countries have recognised esports as a sport, policies on esports governance and allied regulation vary within and across borders. For example, age restrictions and laws on gambling, taxation, labour, and advertising differ by country. This can create confusion, risks and extra costs, impacting the growth of the ecosystem. 
4. Cybersecurity Concerns: The esports industry carries substantial prize pools and has growing viewer engagement, which makes it increasingly vulnerable to Distributed Denial of Service (DDoS) attacks, malware, ransomware, data breaches, phishing, and account hijacking. Tournament organisers must prioritise investments in secure network infrastructure, perform regular security audits, encrypt sensitive data, implement network monitoring, utilise API penetration testing tools, deploy intrusion detection systems, and establish comprehensive incident response and mitigation plans.

Proposals for Esports Regulation: Lessons from Traditional Sports

To address the most urgent challenges to the esports industry as outlined above,  the following interventions, drawing on the governance and regulatory frameworks of traditional sports, can be made:

1. Need for a Centralised Esports Governing Body: Unlike traditional sports, the esports landscape lacks a Global Sports Organisation (GSO) to oversee its governance. Instead, it is handled de facto by game publishers with industry interests different from those of traditional GSOs. Publishers’ primary source of revenue is not esports, which means they can adopt policies unsuitable for its growth but good for their core business. Appointing a centralised governing body with the power to balance the interests of multiple stakeholders and manage issues like unregulated gambling, athlete health, and integrity challenges is a logical next step for this industry. 
2. Gambling/Betting Regulations: While national laws on gambling/betting vary, GSOs establish uniform codes of conduct that bind participants contractually, ensuring consistent ethical standards across jurisdictions. Similar rules in esports are managed by individual publishers/ tournament organisers, leading to inconsistencies and legal grey areas. The esports ecosystem needs standardised regulation to preserve fair play codes and competitive integrity.
3. Anti-Doping Policies: There is increasing adderall abuse among young players to enhance performance with the rising monetary stakes in esports. The industry must establish a global framework similar to the  World Anti-Doping Code, which, in conjunction with eight international standards, harmonises anti-doping policies across all traditional sports and countries in the world. The esports industry should either adopt this or develop its own policy to curb stimulant abuse. 
4. Norms for Participant Health:  Professional players start around age 16 or 17 and tend to retire around 24. They may be subjected to rigorous practice hours and stringent contracts by the teams that own them. There is a need for international norm-setting by a federation overseeing the protection of underage players. Enforcement of these norms can be one of the responsibilities of a decentralised system comprising country and state-level bodies. This also ensures fair play governance.
5. Respect and Diversity:  While esports is technologically accessible, it still has room for better representation of diverse gender identities, age groups, abilities, races, ethnicities, religions, and sexual orientations. Embracing greater diversity and inclusivity would benefit the industry's growth and enhance its potential to foster social connectivity through healthy competition.

Conclusion

The development of the world’s first esports island in Abu Dhabi gives impetus to the rapidly growing esports industry with millions of fans across the globe. To sustain this momentum, stakeholders must collaborate to build a strong governance framework that protects players, supports fans, and strengthens the ecosystem. By learning from traditional sports, esports can establish centralised governance, enforce standardised anti-doping measures, safeguard athlete rights, and promote inclusivity, especially for young and diverse communities. Embracing regulation and inclusivity will not only enhance esports' credibility but also position it as a powerful platform for unity, creativity, and social connection in the digital age.

Resources

• https://www.statista.com/outlook/amo/esports/worldwide
• https://www.statista.com/statistics/490480/global-esports-audience-size-viewer-type/ 
• https://asoworld.com/blog/global-esports-market-report-2024/#:~:text=A%20key%20driver%20of%20this%20growth%20is%20the%20Sponsorship%20%26%20Advertising,US%24288.9%20million%20in%202024. 
• https://lawschoolpolicyreview.com/2023/12/28/a-case-for-recognising-professional-esports-players-as-employees-of-their-game-publisher/ 
• https://levelblue.com/blogs/security-essentials/the-hidden-risks-of-esports-cybersecurity-on-the-virtual-battlefield 
• https://medium.com/@heyimJoost/esports-governance-and-its-failures-9ac7b3ec37ea 
• https://www.google.com/search?q=adderall+abuse+in+esports&oq=adderall+abuse+in+esports&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIHCAEQIRiPAjIHCAIQIRiPAtIBCDU2MDdqMGo5qAIAsAIB&sourceid=chrome&ie=UTF-8 
• https://americanaddictioncenters.org/blog/esports-adderall-abuse#:~:text=A%202020%20piece%20by%20the,it%20because%20everyone%20was%20using

‍