Hacking Reputation: Disinformation, Trust, and Cyber Crisis Response with Preston Golson
Season 3 Episode 17 •Show Notes
A cyber incident can damage far more than systems and networks. It can also become a reputational crisis, especially when false or misleading narratives move faster than facts. In this episode of Cyber Focus, Frank Cilluffo speaks with Preston Golson of Brunswick Group about why organizations need to treat reputation as a vulnerability that can be tested, stress-tested, and defended much like any other part of their cyber posture.
Drawing on his work in cyber incident response and his earlier career at the CIA, Golson explains how misinformation and disinformation take hold, why many damaging narratives are foreseeable, and how companies can prepare before a crisis hits. The conversation explores red teaming, “prebunking,” unified crisis response, and the growing importance of trust, credibility, and AI-generated search results in shaping public perception. For leaders trying to manage cyber risk in a more volatile information environment, this episode offers a practical framework for thinking about reputation, crisis communications, and resilience.
Main Topics Covered
- Reputation as a cyber target
- Disinformation and viral narratives
- Red teaming reputational risk
- Cyber crisis communications
- Prebunking and digital inoculation
Key Quotes
“Misinformation is like a forest fire and we live in a forest with combustible conditions … false and misleading narratives can be caught quickly and they can affect a company’s license to operate.” — Preston Golson
“If you have a dedicated team to look for [reputational risks], you can hack your own reputation, understand where your vulnerabilities are and then reverse engineer defenses and proactive communications … to help build resiliency amongst your audiences.” — Preston Golson
“We don’t play whack a mole. Not every narrative deserves a response. As a matter of fact, some narrative, if you give them a response, it’ll give it more oxygen.” — Preston Golson
“What effective [misinformation] narratives are doing are playing on people’s insecurities, [and] people’s desire to understand a world that is increasingly complex. It doesn’t always make sense.” — Preston Golson
“Ransomware really did democratize cyber. Everyone’s a target from the biggest Fortune 10 down to every mom and pop shop…” — Frank Cilluffo
Relevant Links and Resources
Guest Bio
Preston Golson is a director at Brunswick Group, where he works on cyber incident response and related communications challenges. Before joining Brunswick, he spent more than 15 years at the Central Intelligence Agency. In this episode, he draws on that experience to discuss cyber crisis response, disinformation, reputational risk, and how organizations can prepare for false or misleading narratives before they take hold.
Transcript
1
00:00:00,000 –> 00:00:01,000
Preston Golson [00:00:00]: Disinformation, misinformation is like a forest fire. We live in a forest with combustible conditions. That environment, it creates situation where false and misleading narratives can be caught quickly and they can affect a company’s license to operate.
2
00:00:01,000 –> 00:00:02,000
Frank Cilluffo [00:00:16]: Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo and this week I have the privilege to sit down with a longtime friend. In fact, we were just chatting, it’s been over 25 years I’ve known Preston Golson. Preston is a director at the Brunswick Group, which is a top tier communications firm and prior to that spent over 15 years at the Central Intelligence Agency. A very thoughtful, focused on cyber issues long before they were cool and just had a really interesting article out called Hacking Reputation. Preston, thanks so much for joining us today.
3
00:00:02,000 –> 00:00:03,000
Preston Golson [00:00:57]: Thank you, Frank.
4
00:00:03,000 –> 00:00:04,000
Frank Cilluffo [00:00:58]: So I thought we’d start from the beginning. Your article really did zero in on something we’re seeing more and more and more of and that’s that reputation itself is a target. When we think of cyber, we’re normally thinking about zeros, ones, we’re thinking about critical infrastructure. But at the end of the day, why don’t you set us, set us, set the story straight and sort of zero in on what hacking reputation actually entails.
5
00:00:04,000 –> 00:00:05,000
Preston Golson [00:01:22]: Yeah, thank you, Frank. One of the things that I do in Brunswick, amongst many other things, is help with cyber incident response. And I started to think over time that as our clients systems are at risk, their reputation’s at risk as well. And we think about hacking in cyber, essentially it’s threat actors taking advantage of vulnerabilities in the network. And how do we protect against that in the cyber world? We use proactive threat hunting, use pen testing, ethical hackers to look at your systems, find vulnerabilities and patch them before the adversaries find them. So I thought, well, we can do the same thing for reputation. Companies have reputational vulnerabilities. They have issues.
6
00:00:05,000 –> 00:00:06,000
Preston Golson [00:02:01]: If you have a dedicated team to look for those issues, you can hack your own reputation, understand where your vulnerabilities are and then reverse engineer defenses and proactive communications, which I can talk about more later to help sort of like build resiliency amongst your audiences.
7
00:00:06,000 –> 00:00:07,000
Frank Cilluffo [00:02:17]: Awesome. And we will unpack that further. But before we jump into that, is this fundamentally a cyber issue, an information issue, something bigger, a combination, all of the above?
8
00:00:07,000 –> 00:00:08,000
Preston Golson [00:02:28]: A combination of all the above. I think companies have always had to deal with conspiracies. I mean, conspiracies are as old as humankind. Right? What’s different now is the speed and virality by which conspiracies spread. I liken disinformation, misinformation is like a forest fire. And we live in a forest with combustible conditions, intense polarization, the sort of collapse in trust of institutions, poor quality information sources, and increasingly now I call the retreat of content moderation.
9
00:00:08,000 –> 00:00:09,000
Preston Golson [00:02:59]: That’s not as strong as it used to be. And I frankly personally believe that I’m a big free speech absolutist and that the best antidote to bad speech is other free speech. But that’s that you can’t necessarily, I say the fact checkers won’t save you as an organization. So that environment, it creates situation where false and misleading narratives can be caught quickly and they can affect a company’s license to operate.
10
00:00:09,000 –> 00:00:10,000
Frank Cilluffo [00:03:24]: And in a way, everyone’s an editor today too, right?
11
00:00:10,000 –> 00:00:11,000
Preston Golson [00:03:27]: Everyone’s a mouthpiece, Everyone’s a-
12
00:00:11,000 –> 00:00:12,000
Frank Cilluffo [00:03:29]: Everyone’s a mouthpiece. Everyone’s a TV network.
13
00:00:12,000 –> 00:00:13,000
Preston Golson [00:03:32]: Everyone has followers. They can share with thousands or hundreds, millions, depending on what their follower base is.
14
00:00:13,000 –> 00:00:14,000
Frank Cilluffo [00:03:36]: You know, you also argue in your piece that a lot of this is foreseeable. And why do organizations still get caught and they don’t think about it until it’s arguably too late?
15
00:00:14,000 –> 00:00:15,000
Preston Golson [00:03:49]: Yeah. Let me first address why it’s foreseeable. A lot of misinformation, false, misleading narratives I say are based upon legitimate criticisms that are then turned up to 11 and distorted. We see different industries. You can think about energy industry, for example. If you’re in an energy industry, you’re probably going to get accused of greenwashing, for example, because there’s a deep distrust in energy ESG initiatives and so forth. So, you know, that’s a narrative that’s out there and it’s based upon some legitimate criticisms. So that being said, you can see a lot of things in your sectors that could affect you ahead of time.
16
00:00:15,000 –> 00:00:16,000
Preston Golson [00:04:25]: But why do companies not see that? I’d say two reasons. First of all, they see themselves in the best light. You work with an organization, you know what you’re up to, you know what you stand for, and that creates blind spots where you can’t necessarily see how someone would view what you’re doing as being negative or detrimental. And then that leads to a failure of imagination. I’m a former CIA analyst. I would cut my teeth at CIA in the early 2000s, around the time of the Iraq WMD controversy, as well as a 9/11 failure of your imagination, which you know very well and studied and written about. And we learned as a CIA analyst early on in that time frame that in order to, you need to give people permission to challenge assumptions.
17
00:00:16,000 –> 00:00:17,000
Preston Golson [00:05:09]: That’s when they created the red cell at CIA. You need to task people with their job is to basically look at long held assumptions and address them and see and challenge those and mix analysis stronger. Do the same thing for reputation. You need to have someone look at your company organization with clear eyes and the eyes of the detractor or adversary to see where the holes are, where the controversies could be and so forth. It’s easier for someone to do that when they’re given the free rein to do it.
18
00:00:17,000 –> 00:00:18,000
Frank Cilluffo [00:05:37]: Awesome. And I do want to touch on, because you do bring up red teaming and the concept in the context of reputation management as well. I do want to pull that thread in, in a few but, or actually, why don’t we just go to that now? So what is red teaming in, in this particular context?
19
00:00:18,000 –> 00:00:19,000
Preston Golson [00:05:56]: Yeah, so we were familiar with red teaming in the military context, you know, blue team, red team, cyber context even as well, as I mentioned before, analytical context, but in this context it is essentially asking a unit, whether it be internally or bringing outside advisors, to come and take a hard look at the reputational vulnerabilities that your company has and then to sort of take an opportunity to sort of rack and stack and prioritize where the highest risk narratives are and the ones that could cause the biggest problem for an organization. Identify what this could be and then start thinking about, well, what sort of things can be doing now to buy down risk against that particular issue. And so basically the Red team is sort of like a, you know, bunch of folks, you know, such as myself, you know, some information operations background or something like that, can kind of take a look at it and look at the way the adversary would look at you, and hopefully through that process, you’re able to sort of understand the potential narratives used against you before the bad guys do.
20
00:00:19,000 –> 00:00:20,000
Frank Cilluffo [00:06:53]: And this comes back to some of your good work at the agency as well. Right? So my students would always be guinea pigs, the agency before they would go into the broader workforce with a red teaming scenario, they would used our students to go through some of that in the past. And, and that thinking, I think does A, it, it doesn’t get to groupthink or at least it doesn’t foster group think alone, and B, the idea is to get there before the adversary does to, to, to a large extent. Right?
21
00:00:20,000 –> 00:00:21,000
Preston Golson [00:07:25]: Yeah. And to this end we can use, our approach at Brunswick is to use a mixture of human intelligence expertise, also some AI tools we developed that help sort of helps us look at the, the issues in the world and then apply those issues to potential misinformation narratives that could use against our clients.
22
00:00:21,000 –> 00:00:22,000
Frank Cilluffo [00:07:41]: And again, everything, technology changes, but human nature remains largely consistent. And I look back to the old KGB disinformation campaign that the CIA created AIDS. I mean, these things are sticky for some reason or another. And I’d be curious what your thinking is there, because, I mean, when we look at technology, when we look at human intelligence, they’re converging so darn fast, aren’t they?
23
00:00:22,000 –> 00:00:23,000
Preston Golson [00:08:07]: Oh, yes, yeah. And that’s a great point, Frank. When you think about it, I tell people, when they think about the issue of false, misleading narratives, disinformation, misinformation, you gotta have an element of empathy when you think about that, because what effective narratives are doing are playing on people’s insecurities, people’s desire to understand a world that is increasingly complex. It doesn’t always make sense. We think about the COVID situation. We have people who, their entire livelihoods were turned upside down. I mean, some of us were able to keep working from home, but if you’re a bartender or something like that, you can’t do that sort of thing. Right?
24
00:00:23,000 –> 00:00:24,000
Preston Golson [00:08:41]: There’s a genuine frustration that people have, and we can’t dismiss that. And people are looking for answers, and there are some people who will exploit that frustration with false, misleading narratives. And it can be very, very compelling and very energizing to people who are dealing with challenging times and trying to figure out what’s going on.
25
00:00:24,000 –> 00:00:25,000
Frank Cilluffo [00:08:59]: And you’ve also done a lot of very good work in terms of incident response. And communications is essential and often early. You get it wrong from the outset, you’re on your back foot, and you may never change the narrative. But tell me what an incident looks like. How do you advise some of your clients?
26
00:00:25,000 –> 00:00:26,000
Preston Golson [00:09:19]: Cyber or disinformation?
27
00:00:26,000 –> 00:00:27,000
Frank Cilluffo [00:09:20]: Cyber. Let’s talk cyber, and if you’ve got some reputation. Little bit of both.
28
00:00:27,000 –> 00:00:28,000
Preston Golson [00:09:25]: Yeah. They’re similar things. But for cyber, I think the term, two things I’d say, well, a few things, accuracy and timeliness are critical. A unified response is critical. And the third one here is being seen as a responsible cyber actor. Those are three critical things we always emphasize.
29
00:00:28,000 –> 00:00:29,000
Frank Cilluffo [00:09:44]: And different stakeholders too.
30
00:00:29,000 –> 00:00:30,000
Preston Golson [00:09:45]: Exactly.
31
00:00:30,000 –> 00:00:31,000
Frank Cilluffo [00:09:46]: You’ve got customers, you’ve got clients.
32
00:00:31,000 –> 00:00:32,000
Preston Golson [00:09:48]: That’s a unified response.
33
00:00:32,000 –> 00:00:33,000
Frank Cilluffo [00:09:50]: Government regulators.
34
00:00:33,000 –> 00:00:34,000
Preston Golson [00:09:52]: It’s a whole, I mean, cyber is a whole of organization response. Everyone has to be on the same page, everyone has to be in the same room. Because what you say to one customer needs to be mirrored by saying to other customers. And like you said before, if you’re too fast and inaccurate, that’s where you lose credibility. So we tell people all the time, accurate is most important. You have to sort of like open the aperture as you know more, and that could take days, weeks, months sometimes. I do find that the challenging situation for some, like especially B2B or B2C customers, is when there’s a ransomware incident and your systems are down and you need to keep business going.
35
00:00:34,000 –> 00:00:35,000
Preston Golson [00:10:28]: And that’s when we’ve seen several clients go all hands on deck to develop workarounds. Sometimes it could be analog workarounds, get out the old ledger book if you have to, but communicating to customers accurately, because once you communicate and you write checks you can’t cash, that’s when you really start getting, people get frustrated. I think people have dealt enough cyber instance to understand that, I say that cyber is kind of a there by the grace of God go I situation where, like, other companies know that, you know, they could be in it too. But what they don’t like to be in a situation is where they feel that they’re not getting straight answers.
36
00:00:35,000 –> 00:00:36,000
Frank Cilluffo [00:11:02]: Well said. And ransomware really did democratize cyber. I mean, everyone’s a target, from the biggest fortune 10 down to every mom and pop shop who are struggling to do 15 other things in addition to having cyber responsibilities. And have you seen that trajectory improve? Because at the end of the day, it’s really the executive, it’s the CEO. It’s not just the communications issue. It’s everyone’s issue. Right?
37
00:00:36,000 –> 00:00:37,000
Preston Golson [00:11:31]: The companies that perform the best are the ones where it’s a C suite led. They bring everybody in. Because when you’re communicating, especially again, with complex operations, are you able to get out to your top customers? Are your legal team able to get to regulators? Everyone has to be understanding what’s going on in an organization, understanding what the state of play is to get that message out accurately and, again, in the right sort of fashion to a variety of people. Clients that struggle are ones where there’s not a unified CRT, crisis response team. Those are the ones that struggle more, I find. But I find that clients are getting better and better and more, less surprised or less, how do you say it, less daunted by these situations because it’s happened so much.
38
00:00:37,000 –> 00:00:38,000
Frank Cilluffo [00:12:17]: Exactly. It’s everyone’s business, and you blink and you miss the last one anyway.
39
00:00:38,000 –> 00:00:39,000
Preston Golson [00:12:22]: And we invest a lot in cyber incident response, but we also invest a lot of our time in helping clients do cyber preparation.
40
00:00:39,000 –> 00:00:40,000
Frank Cilluffo [00:12:26]: Yeah. And I do think still most will look at the incident response. They’ll look at the tech piece, but the communications piece is essential and it has to be hand in glove with all of the other.
41
00:00:40,000 –> 00:00:41,000
Preston Golson [00:12:39]: I mean, you have to be speaking to the CISO and also at times the CISO has their own communication responsibilities.
42
00:00:41,000 –> 00:00:42,000
Frank Cilluffo [00:12:44]: Absolutely.
43
00:00:42,000 –> 00:00:43,000
Preston Golson [00:12:45]: When you’re talking to other CISOs to make sure they feel comfortable that the response a company is doing is following all the best practices, working with forensics teams, going through the right steps.
44
00:00:43,000 –> 00:00:44,000
Frank Cilluffo [00:12:53]: And you’ve seen improvement. I’ve certainly seen improvement over the years, but unfortunately the threat itself is still is-
45
00:00:44,000 –> 00:00:45,000
Preston Golson [00:13:01]: No, threat’s still there. Yeah.
46
00:00:45,000 –> 00:00:46,000
Frank Cilluffo [00:13:03]: It’s how you manage it and how you handle. And I think that does get lost in our community. We’re never going to remove risk entirely. It’s how you manage it and how you get through it and how you communicate it, I think becomes so essential as well.
47
00:00:46,000 –> 00:00:47,000
Preston Golson [00:13:19]: And the actors are just, you know, they’re hitting so many, I mean, and getting so many in some of these, these incidents. In some ways, you know, sometimes it’s just get lost in the sauce in some regards. But they still, whether that they get reported on in the public at all, there’s still that damage and the organizational costs that are still there, whether or not it’s reported on or not.
48
00:00:47,000 –> 00:00:48,000
Frank Cilluffo [00:13:38]: I want to pull back on your old job and thinking a little bit. And the world has changed dramatically in the past few years in terms people’s digital footprints, and tradecraft as a whole has changed exponentially in so many different ways. One of the questions I get asked by a lot of our students is what is their right social media presence, their digital footprint? Too much and they’re afraid it could be used against you. Too little and you’re suspicious. What is that right balance? What would you be advising students who want to work at your former employer?
49
00:00:48,000 –> 00:00:49,000
Preston Golson [00:14:20]: So it’s interesting. So when I came out of Harvard in 2002 at CIA a few years later, Facebook started and it started with Harvard students and other folks. You know, I’ve been on it since the kind of the beginning.
50
00:00:49,000 –> 00:00:50,000
Frank Cilluffo [00:14:30]: Yeah. The very beginning.
51
00:00:50,000 –> 00:00:51,000
Preston Golson [00:14:31]: The very beginning. And, you know, I think it’s just, you know, I think responsible use, you know, similar to, you know, how you choose to use your LinkedIn profile. You want to, you know, put a good solid foot forward about yourself. I don’t think you need to be giving away all the information about where I’ve been, where I am right now and so forth. That’s just not to me a-
52
00:00:51,000 –> 00:00:52,000
Frank Cilluffo [00:14:53]: From an OPSEC standpoint, that is-
53
00:00:52,000 –> 00:00:53,000
Preston Golson [00:14:54]: An OPSEC perspective, even if you’re intelligent or not intelligent, we were talking before about do you post your pictures from holiday after you get home? I leave that to people. But you need to think smart about those things and show that you are responsible for things because, again, when you are working in intelligence there are a lot of people looking at you and are you responsible enough to know kind of when to advertise and when not to advertise what you’re doing? And it’s very, very important to people to think about.
54
00:00:53,000 –> 00:00:54,000
Preston Golson [00:15:24]: So I think, you know, it’s not, I wouldn’t say people don’t be on it because again if you’re not on it, that’s a red flag as well. But just try to be on it responsibly. I mean just think about it, think about the long term. Do a red team on your own social media.
55
00:00:54,000 –> 00:00:55,000
Frank Cilluffo [00:15:37]: That’s what I was going to say. Even as young people and they’re not thinking about it.
56
00:00:55,000 –> 00:00:56,000
Preston Golson [00:15:41]: If I was an outside employer looking at my social media right now, what would I think? And you say, oh no problems.
57
00:00:56,000 –> 00:00:57,000
Frank Cilluffo [00:15:47]: That’s great advice.
58
00:00:57,000 –> 00:00:58,000
Preston Golson [00:15:48]: Oh no, actually, then you might want to think about going with a different approach.
59
00:00:58,000 –> 00:00:59,000
Frank Cilluffo [00:15:54]: That’s great advice. And then the flip side is signal to noise, everything, there’s so much data, we’re drowning in it right now. But to get the signal sometimes is difficult. Right?
60
00:00:59,000 –> 00:01:00,000
Preston Golson [00:16:07]: Yeah. So that’s a big issue on the whole false misleading narratives front. We don’t play whack a mole. Not every narrative deserves a response. As a matter of fact, some narrative, you give them response, it’ll give it more oxygen. Right?
61
00:01:00,000 –> 00:01:01,000
Frank Cilluffo [00:16:20]: Often.
62
00:01:01,000 –> 00:01:02,000
Preston Golson [00:16:21]: So we’ve really sort of honed in on three things as to help clients know what’s a high risk narrative. The first is credibility. Is the false misleading information, if someone were to hear it, would they believe it? Doesn’t matter if it’s true or not. Is it believable, is the nature of it.
63
00:01:02,000 –> 00:01:03,000
Frank Cilluffo [00:16:38]: And sticky. And spreads.
64
00:01:03,000 –> 00:01:04,000
Preston Golson [00:16:39]: Yeah, and sticky. Yeah, and sticky. Yeah. And I think we all know kind of what those narratives could be in different situations. The second is impact. Like so if people are to believe this narrative, what’s the impact of that in your business? I mean is your executive get hauled down in front of Congress because someone in Congress believes this particular narrative about you? Will someone try to organize an online boycott of your organization based upon this? Like what’s the impact of this information? And then what’s the potential spread or penetration of this issue? That could be determined by if it’s a, for example, right now immigration issues are like a big deal, you know, either side. And if you get caught up in some sort of immigration controversy, one side or the other is going to like go viral with that.
65
00:01:04,000 –> 00:01:05,000
Preston Golson [00:17:19]: So you know, that’s gonna be something that penetrates.
66
00:01:05,000 –> 00:01:06,000
Frank Cilluffo [00:17:21]: Yeah.
67
00:01:06,000 –> 00:01:07,000
Preston Golson [00:17:21]: And what I tell my clients is that if the answer is yes to all three of those, it’s potential, it’s credible, it has an impact, has potential to spread. You have a high risk narrative.
68
00:01:07,000 –> 00:01:08,000
Frank Cilluffo [00:17:32]: And again facts are not always, it’s the believability here.
69
00:01:08,000 –> 00:01:09,000
Preston Golson [00:17:38]: Right.
70
00:01:09,000 –> 00:01:10,000
Frank Cilluffo [00:17:39]: But I think that most disinformation campaigns have to be grounded in, as you said, some truth.
71
00:01:10,000 –> 00:01:11,000
Preston Golson [00:17:44]: Some legitimate criticism.
72
00:01:11,000 –> 00:01:12,000
Frank Cilluffo [00:17:45]: At least some legitimate criticism. So eight truths, two falses and one wild card.
73
00:01:12,000 –> 00:01:13,000
Preston Golson [00:17:52]: Right. Or sometimes, you know, a conglomeration of different things thrown together to make a particular organization look bad. But again it’s based on some similar, usually it’s very rarely is it something that has nothing to do with some sort of anxiety that’s out there already.
74
00:01:13,000 –> 00:01:14,000
Frank Cilluffo [00:18:06]: You know, what’s one thing you think CEOs should be thinking about, going back to sort of reputation and hacking one’s reputation. What are a couple things they should, if you’re advising them today, tomorrow, as you probably have today and tomorrow?
75
00:01:14,000 –> 00:01:15,000
Preston Golson [00:18:21]: I think there’s this idea that disinformation, misinformation is some exotic problem. I wouldn’t other the problem. The problem can be handled within the regular course of business. As a company, as an executive, your job is to also help be proactive with your reputation of your organization. And the process of doing that, you can build resiliency against false, misleading narratives. Right?
76
00:01:15,000 –> 00:01:16,000
Frank Cilluffo [00:18:44]: You used a term I loved, pre bunking.
77
00:01:16,000 –> 00:01:17,000
Preston Golson [00:18:47]: Yes.
78
00:01:17,000 –> 00:01:18,000
Frank Cilluffo [00:18:47]: So I’ve never heard that term before used in this context. So explain that a little bit.
79
00:01:18,000 –> 00:01:19,000
Preston Golson [00:18:53]: So much like inoculation. So inoculation, you expose someone to a little bit of a virus so they have immunity to it.
80
00:01:19,000 –> 00:01:20,000
Frank Cilluffo [00:18:59]: So you’re not debunking that’s already reacting. This is getting ahead of it.
81
00:01:20,000 –> 00:01:21,000
Preston Golson [00:19:04]: And one example, I mean one example we saw like pre Russian invasion of Ukraine is when the US and UK declassified a lot of the arguments Russians were going to make to justify the war. They sort of put those out there ahead of time before the Russians did that to sort of like take down and, and take down the, the temperature on those things they’re planning to do. And you know, when you’re communicating, alright, so say someone thinks that my organization is a, let’s go back to the energy example. If we know someone may believe that we’re greenwashing per se, how do I communicate proactively to help people understand that I’m not doing that? Am I building third party validators who are independent from our organization, who have credibility with my audiences, who can go out there and say, hey, this company is actually doing the right thing? And can those people communicate in a way early on so people understand that? I’ll give another example. Apple communicates on privacy all the time.
82
00:01:21,000 –> 00:01:22,000
Preston Golson [00:19:57]: They’ve been putting billboards up for years on that. And the outgrowth of that is that it helps their customers believe that Apple respects their privacy and it builds resiliency amongst that customer set that Apple values privacy. So as a CEO, I’d say how can you communicate to your customers in a way that builds trust and credibility? I think for far too long organizations have taken trust and credibility for granted and we’ve seen that you can’t do that anymore.
83
00:01:22,000 –> 00:01:23,000
Frank Cilluffo [00:20:26]: Well said. And at the end of the day, it’s not just the organizations, it’s individuals too. Right? So these same tools and these same tactics and techniques and procedures that adversaries can use, they can be used against individuals as easily as organizations. Preston, you’ve covered a lot of territory here. What questions didn’t I ask that I should have?
84
00:01:23,000 –> 00:01:24,000
Preston Golson [00:20:47]: Let me walk through some of the things you can do once you’ve done the red teaming and some of the tools you can use. For example, if you discover that a particular issue is causing distrust among or could cause distrust among some of your audiences, you can use traditional communication techniques such as focus groups or research or surveys to really pinpoint what messages you can use as an organization that will speak to that particular issue. You can do that in a safe environment, testing environment that you can then use if you had to in a real world environment. So you’re taking this problem, you’ve identified this is a high risk narrative. These people could easily believe that we are X, Y and Z. You could take that information and you can use that in traditional sort of focus grouping and message testing varieties.
85
00:01:24,000 –> 00:01:25,000
Preston Golson [00:21:38]: Also, I call this your digital inoculation now. So we know LLMs are drawing a lot of information online and to create this thing we call one click search. So if I go to Google, I may search on, tell me about Frank Cilluffo. Right? And that first answer, that Gemini answer, the AI answer is maybe the only answer that I read. I may not go in and click on your bio. I may not go click on other things.
86
00:01:25,000 –> 00:01:26,000
Preston Golson [00:22:00]: I’m going to read that summary. And that summary is fed by the LLMs. Right? And what we’ve learned, we have an effort at Brunswick talking about AI Scorecard we do for clients where basically we look at how they show up online in the LLMs, whether that be Perplexity, Gemini, Grok, any number of those. And a lot of those things are fed by your own content, so your corporate website. So I say the corporate website is becoming more and more important and how you use that to seed information onto the Internet that gives your point of view and what’s the accuracy for you. So if you know there’s an issue that’s out there that there may be some contention around that, how can you use your corporate website to talk about those issues so that the LLMs draw from your site? So when I see that one click, I see Frank Cilluffo’s perspective or the McCrary Institute’s perspective on something. That’s becoming increasingly important for clients to understand because that’s something that they can control. They can put out content that addresses these issues that then feed into that one click search.
87
00:01:26,000 –> 00:01:27,000
Preston Golson [00:23:02]: Those are two very specific things people can do. And then the third thing I would say too is also develop your own sort of proactive campaigns. The challenging thing is misinformation and false misleading narratives are very compelling. How do you make your truth compelling? That may be visual, it may be not a 10 page fact sheet, maybe a video with your CEO explaining something in a very sort of accessible way. It’s getting creative about how you express your message so people can understand it in a very succinct fashion.
88
00:01:27,000 –> 00:01:28,000
Frank Cilluffo [00:23:34]: And in a way, we’ve seen this for years. If it bleeds, it leads, whether it’s the news. But at the end of the day, even individuals now have to take control of that narrative or others will. Preston, thank you so much for joining us today. Thank you so much for your service over the years. And thank you for being a Senior Fellow of the McCrary Institute.
89
00:01:28,000 –> 00:01:29,000
Preston Golson [00:23:54]: Yes, thank you very much.
90
00:01:29,000 –> 00:01:30,000
Frank Cilluffo [00:23:54]: Which I forgot to mention. Let me leave you with a token, figuratively and literally, of our appreciation, our coin.
91
00:01:30,000 –> 00:01:31,000
Preston Golson [00:23:59]: Thank you very much. Thank you very much, Frank.
92
00:01:31,000 –> 00:01:32,000
Frank Cilluffo [00:24:01]: And thank you. Great job, Preston.
93
00:01:32,000 –> 00:01:33,000
Preston Golson [00:24:02]: Thank you. Thank you.
94
00:01:33,000 –> 00:01:34,000
Frank Cilluffo [00:24:04]: Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.
