Today, we’re joined by Dana. Dana Motley is the founder of Motley Matrix Business Solutions, providing business intelligence, cyber investigations and social media analysis. She brings 12 years of experience in intelligence, reconnaissance and surveillance technologies, social media intelligence, Open Source Intelligence, digital marketing, media relations, and partnered with a lifetime of volunteer work dedicated to opening doors in the name of endeavors that support equal opportunity within the security industry. She’s also very passionate about supporting efforts to counter online extremism, and acting as an advocate against coded bias and countering the integration of gender and racial biases into intelligence technologies.
Well, it’s great to have you on the podcast today, Dana, and I’m really excited about a conversation. civil action, and protests are increasingly vocal. And we’re seeing that across the world, North America, Europe, we know over the weekend alone, 16 different cities in Germany had civil unrest and protests. And we know these aren’t just idle citizens, their consumers and their employees, and they’re increasingly expressing their voices against and to corporations in the hope of influencing their business decisions. Dana, in your experience, what separates companies that merely survive an activist campaign from those companies that can actually thrive? (2:10)
Well, that’s a really good question. And now that we’re looking at threat, intelligence and response online now, as far as the actionable threat intelligence against a company brand, whether the issue really is going to be assessing the visibility of the brand all the way across all of your digital channels, which includes social media, or how you’re just going to protect your own company, and its executives, and thus, the brand from a digital attack or a reputation management issue. The real issue here we need to break down is the emergence of ideology and extremism within the workplace, and how those employees now are more or less walking specs, people for a company says establishing the brand and the policies internally, and then what immediate actions you’re going to be taking to resolve those issues in real time. So how quickly you can either shut down a communication thread that you don’t like, or respond to an attack online. (2:53)
I know you’ve spoken a lot about 360 visibility across digital channels. But how can companies actually do that? How do they mitigate the risks? without missing out on important Marketing and Communications opportunities when doing this? (4:02)
I think that you have to take a step back first and think about how companies are viewed today and really how brand marketing works. First and foremost, we have machines through marketing, advertising and PR that generates a brand to almost have a personality similar to a live human being that brand or that company has feelings, expressions, sentiments towards governance or government decisions. Sometimes you’ll even see an alignment like we’re having in the state with, you know, companies speaking out against government policies. So that in retrospect brings us to a place where we are today where corporations are being increasingly targeted by activist groups that are seeking to apply pressure they’re seeking to influence the brand or influence the business decisions for a variety of reasons. You know, it can be some people think that the company’s having too much power over their lives, some people feel that the company is putting profits over the people or over their employees. And some people just no longer want people to buy a specific brand, whether it’s you know, something to eat, or something to drink or a specific product that’s used. So the extremists that we have, or even just regular civilian activists, we’re seeing increasing use of tactics of intimidation, tactics of threats, even going into criminal activity online. So we have to look at how we can expand our threat assessment, look at the you know it from the proactive side, take an assessment of digital risk prevention, and then look at all different opportunities for a digital attack, whether it’s through social media, or through actual cybercrime, and then how you would use that to repair a reputation are the steps that need to be put in place in real time, so that you can conquer any issue at hand, whether it’s a threat against a corporate executive, I C level executives, it could be even a board member, or it could be a location on site, such as a factory. So there’s a variety of ways that we can look at this. I mean, the key understanding is how we’re having all of this political fragmentation on line that is translating into real life and affecting the sales or affecting the brand. (4:17)
That’s huge. And we know that there are an increasing amount of activists globally, that are using tactics of intimidation and direct action against companies and against governments that are taking actions that groups disagree with. But what does proactive digital risk prevention actually look like today? (6:46)
Traditionally, we’ve had an insider threat, or a threat assessment team underneath the department name of risk management, that’s not new to anyone. Nowadays, however, those same individuals have to have the mindset to protect every inch of a public attack surface. So if you think about it in real world terms, understanding the perimeter of a company, for example, the location where it is or a factory, all the different threat elements to hurt the employees or to protect the location, those are traditional, we would call traditional safety measures put in place and traditional action plans. However, now we have to enrich those traditional security programs with global intelligence that also incorporate social media, the digital vulnerabilities and when I say threats across every public attack surface, that means the social media but in house communications, the deep or dark web, and then of course, the issue of reputation management, or even doxxing of corporate employees. So it really is having a mindset that not only are you looking at every physical element in the real world, but you are now combining it with the mindset that the digital world or cyber can equal real world complications. So there is no A and B or apples and oranges, they start to come together on the same tree, if that makes sense. (7:07)
It totally makes sense. And we’ve spoken to earlier guests that have spoken a lot about online crimes, and where they’ve spoken about the increasing divergence between what’s happening online is the real world. It’s not just this fake world that might have been perceived to be 10 years ago, the online is part of the real world. And there is that complete emergence between the two, you spoke about the need, and how global intelligence is really needed to look across the entire surfaces. And you know, the traditional Risk Manager might look at a factory, as you said, and the entrances and egress points and crime statistics in an area. But what sort of professional are we looking for today? What sort of person and what sort of places should company B’s looking for to find the sort of expert that can do the sort of tasks that you’re talking about today? (8:45)
You know, to answer that question in the clearest way, you first have to look at what type of person are you targeting to who would in fact be a threat and how does how the threat models change. So you know, to your point, there is a global concept to these threats series, a international threat intelligence network that is constantly protecting fortune 500 companies which have multiple locations, multiple offices around the world. But that being said, Who is the person that is the biggest risk to a brand, we are very well versed in understanding and seeing outwards or seeing the external threat. But we also need to now look at the own company’s employees as an insider threat. So specifically, an insider threat specialist who has an understanding of responding or incorporating digital experts and digital marketing into a security plan. So for example, if you have, most of these activists are following what we call in the security industry, a leaderless resistance model, meaning they don’t have to necessarily have their own group where they are most likely, they are communicating with networks that could be either in a different city in their country, or even on an international scale. So it’s understanding how those communications work, what type of platforms that they’re using, whether it’s something as easy as an encrypted platform, or how you are going to track a brand drop online. So there has to be someone that has one foot in one world of security on the physical security, and then one foot into the world of cyber, I am one of those people that works very hard to make this easy to understand. This is not complicated. As far as having a understanding of just what is at stake here. The stake are obviously brand and reputation management or damage to the brand name. But we also have things such as fake Twitter accounts that are being created to create another voice for a CEO, we have threats to family members of a board, for example, where a decision is not being made to someone’s favor. So understanding how those communication channels are happening, whether they’re working on a specific platform, or they’re working, even internally, sometimes you find employees that are speaking, for example, on the actual office computer across the room about something that is not being monitored yet. So this is a kind of the Wild West, you could say as as far as understanding how digital risk protection has to be incorporated to provide physical security as well.