Alona Karpinska is the founder and CEO of Karpinska PR Group, a firm building and protecting reputation in global tech and finance markets.
Crisis management experts are aware of the risks: 98% of specialists consider disinformation a serious threat, yet 55% of companies still lack a formal crisis response plan.
Corporate information warfare remains insufficiently explored. Existing literature and professional guidelines may outline a strategic direction, but they rarely provide practical capabilities. In many cases, professionals rely on the experience of those who have already faced similar crises. However, as a practitioner who once spent considerable time searching for meaningful and applicable insights, I can say that such information remains critically scarce.
Even in high-profile cases, the information available publicly is usually limited to the perspective of the affected party. As the saying goes: “To catch a criminal, you have to think like one.” In practice, this means understanding which tools may be used against you, how audience perception can be manipulated, what sequence of actions attackers typically follow, and which methods are deployed at different stages of a campaign.
Learning From The Experts
Who operates at the highest level in the field of information warfare? Those dealing with threats that affect national security. Government institutions possess enormous resources for analyzing information operations and building teams capable of conducting and countering them. Today, the de facto academic and policy standard for studying such operations is FIMI, or Foreign Information Manipulation and Interference.
My own work draws on the teachings of organizations such as the European External Action Service, NATO StratCom Centre of Excellence, Bellingcat, Stanford Internet Observatory and other influential institutions. Their studies and operational frameworks have become essential for understanding the modern information environment.
DISARM: An Open Framework Used By Governments
Beginning in 2018–2019, researchers specializing in cybersecurity, cognitive security and disinformation analysis developed what later became known as DISARM (Disinformation Analysis and Risk Management). Influenced by MITRE ATT&CK, DISARM is an open framework that can help describe the behavioral dimensions of disinformation and FIMI through tactics, techniques and procedures (TTPs).
DISARM is used by ENISA and the EEAS, the European Commission, EU–U.S. FIMI cooperation mechanisms, and NATO-linked centers as a shared framework for analyzing FIMI and disinformation. Canada’s Rapid Response Mechanism and France’s VIGINUM also reference or adapt it, while the DISARM Foundation is listed as a signatory to the EU’s Code of Practice alongside Google, Meta and Microsoft services.
Applying DISARM In Corporate Practice
This brings us to the central question of this article: How can a corporate communications professional integrate this framework into their work without having a background in intelligence or national security? To begin with, DISARM consists of two core components.
DISARM Red maps how an information operation is conducted and which tactics are used at each stage.
DISARM Blue is the defense map. It focuses on countermeasures and how to respond to the attacker.
The red framework identifies four core phases of an information operation: plan, prepare, execute and assess.
Step 1: Auditing Vulnerabilities Through DISARM Red
Open the DISARM Red Framework and review its phases one by one. For each technique, ask: “What if this were used against us?”
During the plan phase, attackers identify the audiences they want to influence, including investors, clients, regulators, partners and media outlets. Understanding this allows companies to strengthen relationships with key groups before any attack begins.
During the prepare phase, attackers build infrastructure: fake accounts, proxy media outlets, anonymous Telegram channels and distribution networks. Companies should monitor the information environment surrounding their brand and establish a baseline of normal activity. Once that baseline exists, anomalies become easier to detect.
Step 2: Building An Incident Card
If an attack has already begun, DISARM provides a framework for systematizing it. Create an internal incident map and begin tagging hostile actions according to the DISARM taxonomy. This is not an academic exercise.
Once specific techniques are identified, patterns often begin to emerge. These patterns make it possible to anticipate the attacker’s next move and prepare a response in advance rather than operating in constant crisis mode. Analytical teams use DISARM by turning fragmented incidents into a broader campaign picture.
Step 3: Building A Countermeasure Library
DISARM Blue contains a catalog of response actions aligned with each technique outlined in DISARM Red.
For corporate teams, this effectively becomes a ready-made crisis response playbook adapted to the company’s industry, scale, and resources. DISARM does not dictate specific press release language. Instead, it provides a decision-making structure that helps determine when to remain silent, when to communicate publicly, when to involve legal counsel and when to engage external advocates or influencers.
A Practical Minimum For Corporate Communications Teams
If you are not ready to fully immerse yourself in the framework, start with something smaller. Once every quarter, conduct a two-hour red-team workshop with your communications team. Assign one person the role of the attacker, and ask them to model three realistic attack scenarios using DISARM Red. The rest of the team should develop response measures.
Alternatively, another option for leaders is Bad News, a free online game created by researchers at the University of Cambridge in collaboration with the Dutch media platform DROG. The game is based on the concept of psychological inoculation. Players enter a simulated social media environment where they are exposed to disinformation techniques and learn how manipulative content is distributed.
Why is this useful for corporate communications teams? Because one of the most effective ways to recognize manipulation is to briefly step into the role of the attacker yourself. After just 20 minutes with the game, familiar patterns in real information campaigns become easier to recognize. I recommend completing it with your team and discussing which techniques are most relevant to your industry.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
