hero image
logo
ellipsis
George Little - Brunswick Group. Washington, DC, US

George Little

Partner, Head of Office, Washington, D.C. | Brunswick Group

Washington, DC, UNITED STATES

George Little specializes in crisis communications, cybersecurity, reputational and public affairs matters.

Contact

Answers (2)

Top 9 cybersecurity myths

View Answer >

MYTH: Your computer network is safe if you have a strong enough security “fence”FACTThere is a “new normal.” Every fence has holes. Hackers will find a way into your system, so you need to plan for that eventuality by enhancing the internal protection of your most critical data. You should also think ahead about how you will explain a hacking episode publicly. What story do you want to be able to tell when – not if – your company has a breach?MYTH: All security incidents are created equalFACTHackers have different methods and objectives when accessing corporate systems. Like robbers rattling doorknobs to find an unlocked house, hackers test security systems all the time. Some merely probe networks, while others seek to steal, manipulate or destroy data. The information they target varies with the intent, from customer credit card data that they can steal to sensitive internal communications, research and development projects, or full customer profiles that can be used to expose or embarrass the parties involved.MYTH: The government will help with a breachFACTYou’re mostly on your own. In many countries, companies learn they had a security incident from a government agency, but often the assistance ends there. For major events where officials are interested in information about how a hack was executed, the government might offer investigative or forensic help from law enforcement and intelligence officials. But governments are sometimes wary – for legal or political reasons – of helping companies fix their computer systems or of retaliating against the believed perpetrator of a hack on behalf of a company or group of companies. Governments have their hands full protecting their own networks.MYTH: Computer systems security is just an information technology problemFACTPeople, not software, tend to be the weakest link in data protection. A study by computer security firm Trend Micro found that 91 percent of cyberinfiltrations began with “phishing,” where malicious links are embedded in emails sent to unsuspecting employees or customers. Recipients unknowingly grant the hacker access to their computers when they click on the link.MYTH: Communicating about a corporate breach must be reactiveFACTPlotting out a communications strategy in advance for different types of data security problems will help a company understand the risks and plan for them. It’s also worth thinking about what data the company has that could be damaging to it – or others – if released.MYTH: All hacking is a cyberattackFACTThere are many flavors of hacking, and the most common types are not attacks but network infiltrations to steal corporate secrets. Cyberattacks that manipulate or destroy data or computer systems are still relatively rare. However, these attacks have been on the rise, as seen recently with the breach at Sony Pictures that both destroyed data and exposed embarrassing company communications.MYTH: Breaches must first be handled by technical and legal experts and only later shared with other key people in a companyFACTGiven the reputational risk a breach generates, an organization’s communications team should be involved in early discussions about the event to provide guidance on how to ensure the company maintains the trust of the public. The team should also be well versed in cybersecurity basics before a hacking incident, so it can quickly get up to speed when one occurs.MYTH: With a breach, the biggest problems are security and legal issuesFACTThe greatest threat a breach poses is ultimately to corporate reputation. While the need to fix security problems and address legal issues is clear, companies may not realize that how they discuss the event publicly at the outset will often determine whether they can recover the confidence of the public – and investors – once it is over. Companies that change their story over time risk a more severe loss of that trust.

What are 5 questions every board should ask about cybersecurity?

View Answer >

1. What procedures do you have in place to manage a breach?An ideal response will demonstrate that the company has thought through multiple scenarios. Plans for handling a breach should go beyond simply escalating the situation to the IT and legal teams, and should include customer service, public and government relations and employee communications. Board directors, management and the business’s various departments all need to understand their role within the overall plan. Multinational corporations must consider reporting requirements and account for additional coordination complexities across regions.2. Have you tested your preparedness plans?A table-top simulation allows a business to stress test and improve how it would handle a crisis. This exercise helps companies uncover areas where more preparation is needed. Who should be in charge of these simulations will vary from company to company. But the trials should include high-level participation across the organization, including the CEO. The group has to make sure the simulation incorporates a response that addresses affected stakeholders, taps into all relevant resources and procedures, and points out the unforeseen problems that actions in one department can cause in another.3. Do customers understand your data collection and usage practices?You don’t want customers to learn about the data you have from a breach notice or media coverage. Instead, your company should periodically evaluate its data collection and uses, and assess how they could be putting the business’s reputation at risk. Make sure your data story is clear and that you’re articulating the value that the usage provides to customers. Increasingly, organizations are writing their privacy policies with this in mind, clearly outlining what they collect and why.4. How do you decide how much to invest in security - and where?One hundred percent security is not possible and the number of possible avenues of attack alone prevents an ironclad defense. In addition, some companies may choose to take on more risk in order to improve the customer experience. In light of this, companies need to weigh the degree of security against the needs of the business. The smartest companies are thinking about security early in the product development cycle. Companies should organize security into tiers, focusing additional resources on the most sensitive data and working outward from there.5. Are you educating employees on the best cybersecurity practices?Increasingly, a company’s employees are seen as the weakest link in any data security regimen. They are vulnerable to “spear-phishing” attacks, when an email from what appears to be a trusted source – an individual or business – requests secure information about the company. The hope is that the recipient will reply automatically, handing over the keys to the castle in the process. Five out of every six large companies – those with more than 2,500 employees – were hit by spear-phishing attacks in 2014, according to a recent Symantec Internet Security Threat Report. That’s a 40 percent increase over the previous year.To counteract such scams, more companies are choosing to educate employees about common cybersecurity risks. These programs should complement the use of any hard controls, such as mandatory password strength requirements. The goal should be to empower employees by arming them with basic knowledge: how to spot an attempt to breach security, where to go to ask questions, and who to inform when they identify a potential threat.

Media

Publications:

Documents:

Photos:

Videos:

Anthony Clark Arend and George Little discuss U.S. foreign policy priorities for 2016 - Clip 6 Cybersecurity Threats Facing the Mining Industry

Audio/Podcasts:

Social

Biography

George is a Partner in the Washington DC, office specializing in crisis communications, cybersecurity, reputational and public affairs matters. He also co-chairs the global Cybersecurity and Privacy practice, helping clients prepare for and respond to cybersecurity incidents.

Prior to joining Brunswick, George was head of Marketing and Communications at Booz Allen Hamilton, a leading provider of management consulting, technology and engineering services to the U.S. government, corporates and non-profits. He brings extensive expertise from the highest levels of the national security and defense community, as well as the private sector. Before joining Booz Allen Hamilton, he served as Assistant to the U.S. Secretary of Defense for Public Affairs and Pentagon Press Secretary, and as Director of Public Affairs and Chief of Media Relations for the U.S. Central Intelligence Agency (CIA). In these roles, he worked closely with counterparts from other governments to address the full range of security challenges facing the U.S., its allies and partners around the world. He also spent five years at IBM advising corporate and government clients on business and technology strategy.

In addition to his work at Brunswick, George is on the Board of Advisors for the University of Chicago’s Project on Security and Terrorism, the Board of Advisors for the Masters of Science in Foreign Service Program at Georgetown University, as well as the Board of Imagination Stage, a children’s theater and arts education center serving youth of all ages in the Washington area.

Areas of Expertise (7)

International Relations

Crisis Communication

Counter Terrorism

American Politics and Government

Media Relations

National Security

Cyber Security

Education (3)

Georgetown University: Ph.D., International Relations and Affairs 2000

University of Virginia: M.A., Foreign Affaris 1994

University of Virginia: B.A., Echols Scholar 1994

Affiliations (4)

  • Central Intelligence Agency
  • Pentagon Press Secretary
  • Booz Allen Hamilton
  • IBM

Articles (3)

5 Takeaways from the 2019 State of the Union

| Brunswick Group Perspectives (2019)

President Trump delivered his second State of the Union speech before both houses of Congress. In a speech that lasted 82 minutes, a subdued President Trump struck a conciliatory tone but held fast to partisan positions on immigration and abortion.

view more

2018 U.S. midterm elections briefing

| Brunswick Group Perspectives (2018)

As we step-back from the 2018 U.S midterm election results, Brunswick’s Washington office shares five key pieces of post-midterm advice for executives.

view more

Ask not what your country can do for you…

| Brunswick Group Perspectives (2017)

As spokesman for the Central Intelligence Agency from 2007 to 2011, I was accustomed to surprises. Still, I could never have predicted that I would be asked to prepare the communications plan used to publicly discuss the May 2011 raid on Osama Bin Laden’s compound.

view more