Over the past year, several major developments in international affairs have taken center stage: the rapid and chaotic withdrawal of U.S. troops from Afghanistan, Russia’s invasion of Ukraine, the continued rise in tensions in the Indo-Pacific region, including the South China Sea, and North Korea’s escalating actions. The growing destabilization of the geopolitical ecosystem increases concerns about potential threats to businesses and critical infrastructure in the United States.
Strengthening an organization’s cybersecurity to guard against attacks from external malicious actors continues to be a critical focal point for companies that do business in and with the United States. However, what is often overlooked is that employees are the main target of cyberattacks, and that employees, intentionally or not, have themselves become major vectors of risk. These employees are often targeted by attackers because of their role in the organization and their real or perceived ability to access sensitive or valuable data.
There has been a marked increase in traditional nation-state espionage. Russia has been particularly aggressive, recruiting a number of non-Russian nationals to spy on its behalf. Russian espionage and cyber warfare efforts have increased dramatically in the last decade.
This increase in the frequency and sophistication of nation-state espionage is certainly alarming. Mitigating the risk can be difficult when any employee who knows where the weak points are, or who has access to privileged information, can be considered a potential threat. Just last summer, a security guard at the British Embassy in Berlin was detained by German police and accused of collecting sensitive information for more than a year with the intention of sharing it with Russian authorities.
Moreover, insider recruitment is not limited to state actors. Earlier this year, the LAPSUS$ ransomware group recruited insiders willing to sell remote access to big tech companies and ISPs that would allow downstream access to “crown jewels” such as source code.
The disturbing reality is that even valued and proven employees who have been thoroughly and properly vetted may one day decide to sell their profession and integrity for profit. Once that line is crossed, the threat grows exponentially. In addition to having access to sensitive information that can be traded or sold, these insiders may also be fully aware of the company’s security measures and may therefore be able to circumvent them in ways that are more difficult to detect.
In February of this year, a United States Navy nuclear engineer pleaded guilty to attempting to sell classified submarine information to a foreign country. During his interview with law enforcement, he said he evaded detection for so long because he had been specifically trained to identify the warning signs of a malicious insider threat and knew how to avoid arousing suspicion.
The rules of engagement have changed. Foreign adversaries no longer simply target American government institutions, as was the case during the Cold War. Today, they are using their increasingly sophisticated intelligence capabilities against a much wider set of targets, including critical infrastructure and other private sector and academic entities. Since much of America’s cutting-edge technology is developed outside of government and in the private sector, bad actors will often try to zero in on vulnerable employees who can be exploited for information or access.
Implementing a company-wide continuous evaluation program can provide an organization with the highest levels of defense against the exploitation of employees by bad actors. With the appropriate level of awareness, management can remain alert to abnormal behavior or other signs that an employee is experiencing financial or personal stress. These and other risk factors can indicate whether an employee is susceptible to manipulation or corruption by criminals seeking to steal from, harm, or defraud the business. Conversely, signs of new wealth may indicate that an employee has already crossed the line and is reaping the financial rewards.
It is vital for organizations to frequently review and address their entire risk surface. Threats can be both external and internal. Whether it is a nation state, a criminal or terrorist organization, or simply an unscrupulous competitor, adversaries actively seek to find and exploit insiders for their own gain. Early detection of unusual or inconsistent behavior allows management to intervene and preempt any criminal activity, preserving the safety and integrity of the employee as well as the business.