The Missing Case of Disinformation from the Cybersecurity Risk Continuum: A Comparative Assessment of Disinformation with Other Cyber Threats

: This study examines the phenomenon of disinformation as a threat in the realm of cybersecurity. We have analyzed multiple authoritative cybersecurity standards, manuals, handbooks, and literary works. We present the unanimous meaning and construct of the term cyber threat. Our results reveal that although their deﬁnitions are mostly consistent, most of them lack the inclusion of disinformation in their list/glossary of cyber threats. We then proceeded to dissect the phenomenon of disinformation through the lens of cyber threat epistemology; it displays the presence of the necessary elements required (i


Introduction
According to a report by the Institute for Public Relations, 63% of Americans view disinformation as a major problem in society, yet there are limited avenues to combat it outside of media literacy and news spaces [1]. similarly, a report by Neustar International Security Council (NISC) found that 48% of cybersecurity professionals think of disinformation as a threat, of which 49% say the threat is very significant. The study also found that 91% of cybersecurity professionals thought that stricter measures should be implemented on the Internet [2]. The gravity of the impact of disinformation on the confidentiality, integrity, and availability of information makes it necessary to view disinformation not simply as an error of information but as a form of cyberattack.
Cybersecurity relates to the protection and defense of personal information, computer systems, and critical infrastructure. Cyber threats tend to compromise the confidentiality, integrity, and availability of technology systems. Disinformation, the sharing of deliberately misleading or biased information, has been formally classified as an information disorder by the Council of Europe (2017) [3]. The goal of disinformation is to change an individual's thoughts and behaviors, consequently influencing public opinion by altering one's view of reality or accentuating one's prior held beliefs to disrupt truth-seeking. Deceptive information can leave people confused about basic facts and current events, creating a dangerous situation affecting public safety, organizational reputations, or governmental functions. In many ways, disinformation is thus similar to a cyberattack, where instead of compromising a computer system, it compromises our cognitive abilities. Such disruptions have been coined cognitive hacking-where such practices can result in a greater threat than a cyberattack on critical infrastructure [4]. The damage caused by disinformation can be challenging to repair, as people form opinions based on cognitive and confirmation biases. The deceptive nature of disinformation is further accentuated by economic pressures and advertisement-centric models that incentivize disinformation to overload information channels, often drowning the truth. Just as technology and social media expansion increase cybersecurity risks, they exacerbate the impact of disinformation.
Disinformation is plentiful, especially in the current global climate, where much of the deceptive information has been bred or derived from conspiracy theories or political or group ideologies. Here are a few examples of disinformation: During the 2016 Presidential Campaign, Donald Trump tweeted U.S. crime statistics that stated that the proportion of whites killed by whites was 16% and of whites killed by Blacks was 81%, while in reality, the numbers were reversed, seeing that only about 16% of whites were killed by Blacks [5].
Jayda Fransen, Deputy Leader of Britain First, an ultranationalist hate group, tweeted a video with the caption: "Muslim migrant beats up Dutch boy on crutches!" Then-President Trump retweeted the video, yet soon after, the Netherlands Embassy retweeted with "Facts do matter. The perpetrator of the violent act in this video was born and raised in the Netherlands . . . " [5].
Natural News, a site commonly dealing in conspiracy theories, headlined that "Vaccines containing mercury are "medical genocide" that target black communities to damage their babies". By mirroring truthful news articles via seemingly realistic external hyperlinks, they seek to sway public opinion [5].
The Seattle Tribune, a fake news site machining a legitimate news site, shared a fake story about an "Idaho mother sentenced to prison for breastfeeding". This story continues to be shared on social media and sways the discussion around breastfeeding in public [5].
Disinformation campaigns have promoted false narratives that 5G technology suppresses immune systems and that 5G spectrum bands spread COVID-19 [6].
During the early days of the pandemic, false claims were being raised that the National Guard Bureau, of which there is no such entity, would be supporting nationwide quarantines [6].
False information about COVID-19 treatments are still being circulated on social media, many of which present harmful suggestions such as drinking bleach or that "illicit drug activity can "cure" the virus." [6].
The questions one must ask are: Does disinformation compromise cognitive reasoning? If so, is it similar to other cybersecurity threats that may cause harm to an organization or harm public health, specific groups, or public order?
Disinformation and similar information disorders are seldom included in the list of recognized cybersecurity threats in the manuals and appendices of standardizing organizations [7] (National Academies of Sciences, Engineering, and Medicine, 2015). Stemming from Caramancion (2020) [8], such exclusion coupled with the increasing use of disinformation campaigns warrant the classification of disinformation as a cybersecurity threat. To properly counteract disinformation, we must treat it as a cybersecurity issue-where experts have successfully understood, mitigated, and defended against malicious threats caused by phishing, viruses, advanced persistent threats, and other issues. Only recently, in the latest report by ENISA, have disinformation and misinformation been identified as one of the 8 cybersecurity threat categories [9].
The literary contribution of this paper is through its investigation of whether disinformation should be included as part of the international cybersecurity risk continuum. This study critically analyzes cybersecurity industry standards and conducts a comparative assessment of common cybersecurity risks. In doing so, we argue that disinformation is not only a critical threat missing from industry standards; in many ways, entities face greater risks along the risk continuum by not understanding the role of disinformation in risk management. This argument places disinformation as a cybersecurity risk, where deceptive information exploits psychological vulnerability, builds off biases, and comprises logical reasoning leading to cognitive discrepancies, much like current cybersecurity threats.
The practical contribution of this paper rests in the discussion that it provides to integrate disinformation into industry standards and the cybersecurity risk continuum to ensure both a technical and human approach to cybersecurity to respond to the increased reliance on technology. This paper aims to better inform academics and practitioners by establishing a novel approach to studying and conducting risk management of cybersecurity threats in the information era.

Disinformation vs. Other Information Disorders
Fake news, as a phenomenon, has been widely misrepresented. The very definition of fake news has been disputed due to the varying nature of its account [10]. The Council of Europe (2017) has promulgated the concept of information disorders with regards to the phenomenon of fake news. Information disorders are defined as polluters of the information environment. These include but are not exhaustively limited to information presenting itself as deceptive content and hate speech usually fueled by radicalism in beliefs and political positions [3].
Information disorders are further divided into three types, (1) misinformation, (2) disinformation, and (3) malinformation. The common end result of the first two types is deception. The only distinguishing characteristic between them is the prong of intent in the act itself [11]. The former lacks the intent of the creators and spreaders [12] and often occurs by accident due to outdated information, mistranslations, and misapplications, whereas the latter is usually grounded in computational propaganda carefully engineered to explicitly deceive in a broader, more public scope [13]. Malinformation, on the other hand, lacks the resulting deception from the two types of information disorders but is characterized by similarity with disinformation, in that they both mean harm. Forms of malinformation include hate speech, the promotion of violence, and leaks. Malinformation, however, lacks the particular effect of deception since it typically has no associated legitimacy in its forms.
From these underpinnings, it can be inferred that the two distinguishing elements of disinformation from the other types of information disorders are its (1) intentional deception and (2) the harm it intends to produce [8]. With regard to the context of being a threat in digital spaces, disinformation's uniqueness is its very form of falsehood, its disguise as legitimate news headlines and information [8]. This phenomenon as a threat is further amplified by increasing its reach through sophisticated technologies, making it appear as highly believable content through the careful engineering of its components, such as words in headlines and exceptional alterations in the supporting media (photos or videos) that come with them [11].

An Overview of Cyber Threats
Cyber threats were categorized as I.T. issues in the past. As cyberattacks have evolved rapidly and caused increasing damage to organizations and society in recent decades, business leaders have started to recognize cyber threats as an enterprise-wide risk management issue [14]. Today, organizations are expected to take a progressive approach to respond to cyber threats, where C-suite has a deep involvement in the designing and managing of security measures, advanced technologies are employed, and ongoing reviews of cyber risks are conducted by the I.T. team using third-party expertise [15].
There have been multiple attempts to define cyber threats in the literature. The National Institute of Standards and Technology (NIST) defined cyber threats as "any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service" [16]. NIST also released a later version of the definition of the cyber threat in NIST SP 800-160 Vol. 1 and emphasizes that the basis of asset loss constitutes all forms of cybersecurity events and their associated conditions [17]. In addition to asset loss, the term "negative impact" was used by Brauch (2011) [18] to cover both tangible losses like financial loss and intangible losses like reputation damage [19,20]. A threat action can be allocated with a sophisticated level of expertise and significant resources using multiple attack vectors; NIST refers to this advanced type of cyber threat as advanced persistent threat (A.P.T.). Other than A.P.T., researchers have also recognized a variety of new generation threats, such as polymorphic threats, zero-day threats, composite threats, and others [21].
Cyber threats can cause huge losses to the market and to individual organizations. So far, a cybersecurity breach can result in a 21,659 USD recovery expense to an organization, on average [22], and a drop in its stock price [23][24][25]. Among all the security breaches reported in Verizon's 2021 Data Breach Investigations Report (DBIR) [22], 85% involved a human element, while 61% involved credentials. External attackers consist of mainly state-sponsored groups of geopolitical interest, hacktivists aiming to denounce the activities of target organizations, cybercriminals motivated by financial gains, and some cyberterrorists [26]. Consistent with findings from previous years, the threat actors are mainly external individuals and organizations, while financial gains motivate most of the cyberattacks [27,28].
Phishing, social engineering, web application attacks, denial of service (DoS), malware, and ransomware are the most prevalent threat actions in recent years [22,29,30]. Phishing occurs when an attacker attempts to fraudulently obtain sensitive information from a user by disguising as a trustworthy entity [31]. Social engineering is a threat that relies on human interaction, in which a social engineer manipulates the victim into giving sensitive information [32]. Malware is a file or a program that is intended to damage the computer system; examples include computer worms, viruses, Trojan horses, and spyware [30]. Ransomware is also an example of malware, in which the attacker locks the victim's computer system files and demands a payment to unlock the file [30]. Web application attacks usually refer to attacks with a small number of actions after the initial web application compromise [22]. DoS is an attack that compromises the availability of networks and systems, forbidding legitimate users to access the system [22]. All these threats have raised broad concerns among industries and society as a whole. Beyond the most prevalent threats, ENISA distinguished itself by detailing eight threat groups including ransomware, malware, cyptojacking, email-related threats, threats against data, threats against availability and integrity, disinformation, and non-malicious threats [9]. ENISA's report is one of the few that cite misinformation or disinformation at the core of cybercrime activities, which continue to increase exponentially in the wake of COVID-19.

The Importance and Implications of Classifying Cyber Threats
Previous work has attempted to classify cyber threats in different ways. However, few of them have systematically highlighted the importance and the implications of cyber threat classification. The use of taxonomy is generally to gain a greater understanding of a subject; a useful taxonomy should be precise, logical, intuitive, and can be adapted to different application needs [33]. To manage the threats, one should first understand the threat sources and specific areas of the system that may be impacted [34,35]. Therefore, threat classification is necessary because it helps individuals understand threat causes and impacts.
Despite various steps towards cybersecurity, the ultimate goal is to protect digital assets from attackers. Ref. [36] argued that a completely secure solution considers more than one aspect. Classification efforts on cyber threats contribute to cybersecurity by providing key commonalities of the threats as well as variances among them, covering broad aspects including, for example, attack vectors, operational impacts, defense, informational impacts, and targets [37]. As suggested by Al Hwaitat (2020) [38], classifying cyber threats is the major step in designing and implementing effective mitigation measures, which help entities and individuals to understand the nature of the threat and the corresponding security procedures. Threat classification helps identify and organize cyber threats into categories so that security experts can evaluate the impact category by category and develop appropriate measures to target each categorized threat group [39,40]. While the classification scheme assists the organizational defense in protecting the network, for example, by publicizing critical threat information that guides the design of defense strategies, the classification of security threats also benefits cybersecurity awareness in organizations [37]. Classifying different aspects of the malicious uses of a specific technology, such as artificial intelligence (A.I.), also lays a foundation for the detection of and help in predicting future threats [41].

Classification Criteria
Cyber threats can be observed and classified in different ways by considering different criteria such as sources, agents, and motivations [33]. In fact, there have been exhaustive attempts to classify cyber threats based on different criteria. In this study, we systematically list the criteria that previous studies use in order to define a set of criteria that we are going to use for the analysis of disinformation.
In the existing literature, a majority of cyber threat classification work tends to use threat agent [22,42], attack vector [37,43], target [37], impact [22,37,[41][42][43], and defense [37,41]. When an individual or group uses several vectors to exploit cybersecurity vulnerabilities and conducts activities harmful to an entity, the attacking individual or group is referred to as a threat agent or threat actor, and the paths the threat agent used to exploit the target's system vulnerabilities are called attack vectors, sometimes referred to as threat actions [22].
The threat agent is a major element of a successful cyberattack. Previous work has classified cyber threats according to different characteristics of the agent. Most research tends to classify cyber threats into human threats and technological threats (e.g., [33,42]). A good example of human threats would be social engineering, while examples of technological threats can be malware or worms. The actor can also be divided into the individual type and entity type: individual actors include the abusive user, the cyber-bully, the cyber-criminal, cyber-fighter, cyber-terrorist, the hacktivist, the insider, the online social hacker, the script kiddie, and the sexually deviant user, while entity actors include organizations and states or countries [44]. The DBIR reports usually categorize threat agent sources as external actors and internal ones, which is consistent with the characterization of Jouini et al. [33]. In terms of the characteristics of the threat agent, the difference between an error and an attack is the malicious intent of the actor(s).
Different goals also differentiate among cyber threats, that is, what the threat agent wants to achieve from the cyberattack. Many typical goals have been discussed in the literature, such as creating fearful and threatening situations [43], directly punishing a person [45], personal satisfaction, or recompense [42]. As we mentioned earlier, most attackers are driven by financial gains, while some others are driven by espionage [22]. Therefore, another important criterion is the motivation of attackers, either malicious or non-malicious [42].
Researchers also use different terms to describe the target(s), which are the attacked hosts within the attacked entity, including the operating system, network, local computer, user, and application [37]. The targets are sometimes referred to as security layers (application, transport, network, data link, physical, etc.) [46]. Within attack vectors, some research also categorizes cyber threats based on security levels (data, access, and network) [46].
The impact, which is usually negative, typically includes the financial loss and reputational damage of the target. Simmons et al. [37] further distinguished operational impact from informational impact. In their description of the two categories of impact, operational impact refers to the effects on the daily operation of the information systems and the business, such as the inability to access systems, while the informational impact relates more to the effects on the sensitive information itself. The impacted assets can be subject to different damage based on their three attributes-confidentiality, integrity, and availability, according to the C.I.A. 31st Triad. Heartfield et al. [43] focused on attack vectors and the impact of cyber threats; they separately discussed the impact on systems, including physical impact and cyber impact, and the impact on individual users. In addition to the breach of physical privacy and unauthorized, incorrect, delayed, or disrupted operations, cyberattacks also harm users' experiences and emotions [43].
Defense methods, including mitigation and remediation strategies [37], are also an important source that has been used to classify different cyber threats in the recent decade. Table 1 shows the classification criteria summary for the mentioned sources.  Interestingly, there are other aspects of the criteria that researchers and institutions use to classify cyber threats. The DBIR 2021 report also discusses the cyber threats according to the timeline in terms of which breach types take the longest to discover. In the work of King et al. [47], the attack pre-conditions are captured, which is defined as the presence of all the information needed for the successful undertaking of a cyberattack. In addition to the harm to systems and users proposed by Heartfield et al. [43], Tsakalidis and Vergidis [44] point out the inchoate harm that is inflicted by inchoate cybercrimes, i.e., the potential for harm due to incomplete cybercrimes. Moreover, recent work tends to focus on AI-based cyber threats due to the fact that the advancements in A.I. have enabled "more sophisticated, highly targeted, well-trained, and large-scale" cyberattacks [41] (p. 2), such as stealthy spyware, DeepLocker, PassGAN, and others.
In this study, we analyze the threat of disinformation and how it is comparable to other known cyber threats in the aspects of the threat agent, attack vector, target, impact, and defense. The detailed criteria are presented below in Table 2; descriptions of the items with the criteria are largely based on mentioned resources. Steps used by defenders to correct the situation prior to or during an exploitation

Methods Overview
In addition to the epistemological definitions presented above, we have analyzed the publicly available cybersecurity knowledge systems through manuals and literary works and compiled their definitions of a cyber threat. In their respective content, we have also examined the inclusion of the phenomenon of Disinformation in the explicitly classified threat list, including the closely related synonyms such as Fake News and Misinformation. We divided these artifacts into two categories: (1) The most recent works in Table 3 and (2) the prevailing authoritative standards and manuals in Table 4.

Definition of Cyber Threat Inclusion of Disinformation
Enisa Thread Landscape (2021) [9] Incidents that are usually not restricted to one particular sector and in most cases affect more than one of them. This is indeed true since in many cases the threats manifest themselves by exploiting vulnerabilities in underlying ICT systems that are being used in a variety of sectors.
One record found NARUC Cybersecurity Manual (2021) [48] Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), resources, and other organizations through an I.T. and I.C.S. via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Source Definition of Cyber Threat Inclusion of Disinformation
The Australian Cyber Security Centre (ACSC)'s Information Security Manual (I.S.M.) (2021) [49] Any circumstance or event with the potential to harm systems or data.
None found Canadian Centre for Cybersecurity's an Introduction to The Cyberthreat Environment (2021) [50] An activity intended to compromise the security of an information system by altering the availability, integrity, or confidentiality of a system or the information it contains.

None found
CyBOK: The Cyber Security Body of Knowledge v1.1 (2021) [51] An individual, event, or action that has the capability to exploit a vulnerability. Threats are also socio-technical and could include hackers, disgruntled or poorly trained employees, poorly designed software, a poorly articulated or understood operational process, etc. To give a concrete example that differentiates vulnerabilities from threats-a software interface has a vulnerability in that malicious input could cause the software to behave in an undesirable manner (e.g., delete tables from a database on the system), while the threat is an action or event that exploits the vulnerability (e.g., the hacker who introduces the malicious input to the system).
One record found FFIEC Information Technology Examination Handbook Information Security (2021) [52] An internal or external circumstance, event, action, occurrence, or person with the potential to exploit technology-based vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
None found Table 4. Authoritative Sources and Definitions of Cyber Threat.

Definition of Cyber Threat Inclusion of Disinformation
Cybersecurity and Infrastructure Security Agency (CISA) [53] A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.

None found
Committee on National Security Systems (CNSS) [54] Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

National Institute of Standards and Technology (NIST) [55]
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

None found
United States Department of Homeland Security [56] Indication of potential harm to life, information, operations, the environment, and/or property may be a natural or human-created occurrence and includes capabilities, intentions, and attack methods of adversaries used to exploit circumstances or occurrences with the intent to cause harm.

None found Escal Institute of Advanced Technologies (SANS Institute) [57]
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

None found
Information Systems Audit and Control Association (ISACA) [58] Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm.

None found
Internet Engineering Task Force (IETF) [59] A potential for violation of security, which exists when there is an entity, circumstance, capability, action, or event that could cause harm. Any circumstance or event with the potential to adversely affect a system through unauthorized access, destruction, disclosure, or modification of data, or denial of service.

Results and Analyses
Using the most recent and authoritative sources discussed above, we coded and analyzed the main cyber threat vectors. Based on the findings in previous tables, we discuss how disinformation makes sense to be included alongside the commonly referenced cyber threats in Table 5.

Disinformation, Phishing, Social Engineering
Since phishing is essentially a major technique of social engineering, they are the same in a lot of aspects [16]. The threats of phishing and social engineering both target security layers of data and users, both of them directly manipulate victims to divulge sensitive information [51]. Social engineering/phishing and disinformation are similar in terms of their threat actors, impact, and defense methods. All these threats involve nation-state attackers, reputational and economic damage, and the defense methods of public education and detection measures for suspicious activities. In addition, both social engineering/phishing and disinformation directly trick front-end users. Human weaknesses, traditionally targeted by attackers, are consistent between disinformation and phishing. Research has found that intuitive thinking style and willingness to share personal information significantly lead to a higher risk of phishing [60]. This is similar to the disinformation trap given Pennycook et al., (2020) [61] in their finding that disinformation is driven by victims' cognitive laziness. While social engineering/phishing attacks are more driven by economic gains, disinformation is more motivated by radicalism, interference in elections, or cyberwarfare. The different motivations lead to the distinct goals of these attacks-while social engineering/phishing aims at obtaining sensitive information and make money from the attack, disinformation is used to achieve the goal of reshaping public perception. The attack vectors for social engineering are mainly communications through email or phone messages, while for disinformation they could be through various approaches, such as advertisements, web searches, and social media. Overall, our findings lend support to Caramancion 's (2020) [8] argument that disinformation should be classified as a cyber threat.

Disinformation and Web Application Attacks
The commonality of web application and disinformation attacks is their characteristic and design for hiding behind a legitimate surface vector. Whereas the former is usually embedded in software and its components, the latter is usually engineered to appear as a legitimate authoritative source of news information. To lure users, they both rely on the human contextual vulnerability to trust familiar procedures and interfaces. It should further be emphasized that they are both carefully engineered to deceive, and as such, recognition of their true nature remains elusive unless a user is trained and familiar with them.

Disinformation and Distributed Denial of Service (DDoS)
The common ground between disinformation and distributed denial of service (DDoS) rests upon the coordinated acts of propaganda on the part of the threat enforcers, which can either be humans or their mechanical counterparts. While DDoS attacks aim at the disruption of services, disinformation's goal is to reshape public perception. Furthermore, they can be both commonly funded by adversarial entities such as nations or institutions due to the costs associated with their massive deployments on a global scale. Preventive mechanisms on both of their phenomena require prompt detection. While DDoS are typically recognized through intrusion detection/prevention systems, disinformation instances are typically detected in the automated detectors in social platforms after a reporter (or crowd reporters) notify the involved providers. Finally, strategies for their remediation are geared more towards developers and providers since these threats operate at the level of the medium itself.

Disinformation, Malware, and Ransomware
Malware is malicious software or firmware that gains unauthorized access to a system affecting the confidentiality, integrity, or availability of that system or data [48]. Ransomware, in turn, is one of the "most profitable" and "popular forms" of malware that gains unauthorized access to a system holding it hostage until demands, typically monetary, are met [62]. The threats of malware and ransomware are similar in that they both target data and users, both seeking to trick users into opening an attachment or clicking a link containing malicious code. Malware in its various forms, as well as ransomware, is similar to disinformation in terms of threat actors, targets, impacts, and defense mechanisms. The impact of malware is much like disinformation in that it can lead to reputational damage, economic loss, or loss of public trust. For example, if a hospital faces a ransomware attack, disinformation about the hospital's practices can hurt its reputation and cause the loss of its ability to perform at optimal capacity, resulting in economic loss, or even worse, physical lives lost. Alongside this loss of reputation, the public may not feel secure or safe seeking medical treatment at that hospital. In addition, malware and disinformation both trick front-end users. Such deception in malware is found via email attachments, malicious advertising (malvertising), fake software installations, infected USB drives, infected applications, phishing emails, and more [62]. Much like disinformation preys on human weaknesses, so too does malware. While forms of malware, including ransomware, are more driven by profit, disinformation seeks to reshape public perception or fulfill a preset agenda. In terms of defense, both malware and disinformation can be mitigated via machine learning or analogy, or disinformation detection. Similarly, for remediation and to mitigate the threats to various systems, addressing humans via public awareness and, more importantly, employee training is becoming commonplace. In this, bring your own device programs, safe email attachment practices, or training on depicting scams, or suspicious emails are seen across organizations, universities, and governments. Much like the defense mechanisms for countering disinformation, to protect against malware, it is recommended that you be careful online, where the risk of contracting malware or falling victim to misinformation is more common.

Disinformation, Zero-Day Attacks, and New Generation Threats
New generation threats are multi-vectored and often multi-staged. Advanced persistent threats (A.P.T.s) (also known as advanced targeted attacks, or A.T.A.s) are sophisticated network attacks in which an unauthorized person gains access to a network and stays undetected for a long period of time [63]. The A.P.T.s and disinformation share persistence as a common trait. These threats spread through networks, where disinformation is most commonly spread on social media. They can often be funded and used by nations or nation-funded organizations.
A polymorphic threat is a cyberattack-such as a virus, worm, spyware, or Trojan-that constantly changes ("morphs"), making it nearly impossible to detect using signature-based defenses [63]. Polymorphic threats and disinformation are difficult to spot. A network or social media platform can block activities based on behaviors.
A zero-day threat is a cyberattack on a publicly unknown operating system or application vulnerability, so named because the attack was launched on (or increasingly before) "day zero" of public awareness of the vulnerability [63].
Both zero-day threats and disinformation can impact organizational reputation and influence public opinion negatively. While the outcome can be costly, both financially and socially, the threats often are not discovered until the damage has been done.
Another new generation threat is composite threat. The composite threats are also called blended threats, which combine syntactic and semantic attack approaches [64]. Composite threats and disinformation have the commonality of using multiple media or methods. Disinformation can be spread through various communication platforms, such as social media or private messaging. Composite threats utilize a mix of malicious tools and exploits multiple vulnerabilities.
Many of the new generation threats and disinformation have similar threat actors, impacts, and they call attention to the importance of user education. As with other cyber threats, it is important for users to be aware of disinformation as a threat and be educated about new risks.

Conclusions and Future Works
As nations and organizations seek increased cybersecurity, it is essential for them to take into consideration all risks that may play on human weaknesses or affect their functional operations, reputation, or public safety. The findings of this study lend support to Caramancion 's (2020) [8] argument that disinformation should be classified as a cyber threat. As signified in this study, most, if not all, cyber threats play on human weaknesses, at least to some degree. Much like phishing, DDOS, malware, or A.P.T.s, disinformation too plays on human weaknesses. It is critical that as information threats increase, practitioners and academics alike begin to view disinformation through the lens of a critical cyber threat.
In the future, we recommend that cybersecurity threats are updated in manuals, and disinformation is better understood and discussed in the context of the harm it may present to particular individuals, groups, organizations, or governments. Disinformation must be discussed outside of political realm, to encompass the threats it poses to cybersecurity and daily decisions. Beyond simply defining disinformation and outlining what it consists of, one must properly stipulate its role in society and how disinformed individuals threaten businesses, processes, or the very government on which a country relies. The goal of this paper is to raise awareness on disinformation and cyber threats by providing a novel approach to categorizing it as a cyber threat with regard to the impact of and defense mechanisms needed to mitigate the harm. In the midst of a global pandemic, increasing inequalities, and widening digital divides emphasize the need for a better understanding of the threats the world faces, especially as more turn to technology for work and leisure, we must properly define, protect against, and mitigate cybersecurity threats. Thus, the disinformation infodemic requires a calculated and coordinated effort by governments, businesses, and the public to create robust standards and implement stronger humancentric defenses.