Insider Risk Digest: January

Introduction

With the turn of the year, we welcome our first Insider Risk Digest of the year. Now a monthly edition, the digest will dive even deeper into the most impactful cases and developments on our insider risk radar. This edition focuses on cases targeting the public sector, infringements upon workers’ rights, and insider trading.

Canada’s government has tackled insider risk head-on in early 2024 with the release of a new policy on sensitive technology research and affiliations of concern. In line with trends we saw first-hand in 2023, academic espionage is on the rise. Specifically, institutions involved in transformational areas which could have dual-use applications for military and surveillance, such as Artificial Intelligence and quantum computing, are increasingly vulnerable to insider threats. The Canadian government recognises these vulnerabilities, which are compounded by the academic ecosystem’s reliance upon open collaboration and excellence and make it a key target for foreign influence.

To secure and protect Canada’s cutting-edge research, research in sensitive technology areas at universities or affiliated research institutions will not be funded if any of the researchers involved are affiliated with institutes connected to military, national defence, or state security entities that could pose a risk to Canada’s national security. The Canadian government has thus published a list of both sensitive technology areas and named research organisations which pose a risk to Canada’s national security. This new policy reflects the increasing vulnerability of academic institutions to foreign disruptions, and the growing link between governments and academia.

As the host of NATO’s and the European Union’s headquarters, most would think Belgium would be wholly equipped to effectively tackle espionage. Nevertheless, the absence of one of the most fundamental countermeasures leaves both the public and private sectors vulnerable to insider risk: there is no adequate legislation. Indeed, foreign interference and espionage are not considered crimes under Belgium’s penal code. According to an investigation published by the Financial Times, Le Monde, and Der Spiegel, Frank Creyelman, a former Vlaams Belang party member, has carried out tasks on behalf of Chinese spies for over three years. Creyelman was asked to influence decisions in the European landscape on issues close to China’s strategic interests. Whilst there was knowledge of his activities, investigators needed an appropriate cause to launch a formal investigation against the now-former politician.

As mentioned, the main difficulty for prosecutors is that espionage and foreign interference are not considered crimes in Belgium. A separate angle has presented itself, however: prosecution for corruption. As Creyelman is said to have received funds in exchange for his efforts to influence EU policy regarding China, Belgium’s anti-corruption service produced a report calling for and thus approving an investigation. For future resilience, Belgium’s parliament will be voting on a reform in the coming weeks, with the aim of bringing articles against espionage and foreign interference into force, helping the country curb insiders in the realm of politics.

With the turn of the year, all of us are looking to finally put the coronavirus pandemic behind us. However, some of the pandemic’s impacts on our workplaces cannot be reversed. Amongst these are new working practices, such as working remotely a number of times a week, embracing the contemporary need for employee flexibility. However, with concerns over productivity and oversight, Bank of America issued “letters of education” to employees who had not been showing up to the office ‘enough’. These letters warned of disciplinary action if the bank’s request was not met. Other banks are said to have issued such letters in a recent sector-wide effort to encourage employees to come back to working in the office full-time.

The risks related to remote working are numerous: employees’ attention may lapse, reducing adherence to security policies and increasing their exposure to external and internal risks. However, protecting employee well-being is just as important, as disgruntled employees can cause critical damage from within. As such, striking the right balance will remain a delicate task for organisations throughout 2024.

The monitoring of employees can relay metrics measuring performance and help identify suspicious behaviour which may indicate security threats. The increasing digital harmonisation between processes has made these metrics easier to collect than ever before. However, some organisations have overstepped boundaries in the search for greater performance indicators. Amongst these is Amazon, fined €32 million for excessive surveillance of its workers in France. Following complaints by employees and media coverage of the working conditions at Amazon France Logistique, France’s data protection agency found numerous areas where Amazon breached the GDPR. The data collection was so broad in scope that employees were even measured through their handheld scanners, so precisely that workers had to justify each break. For example, an alert could be triggered if an employee scanned two items within 1.25 seconds, as scanning that quickly increases the risk of error.

Similar to the balance that must be struck between workers’ flexibility and their productivity, a delicate balance must be found between privacy and security. Monitoring employees can be an incredibly useful tool not just to measure productivity, but also to identify indicators of potential insider acts. Overly invasive practices, however, can alienate employees alongside exposing organisations to large litigation costs.

Pfizer statistician Amit Dagar has been found guilty of insider trading after making more than $270,000 through purchasing stock options the day before Pfizer released trial data. The short-term stock options rose more than 11% overnight. However, Dagar faced more charges than those strictly related to insider trading. Indeed, Dagar also disclosed the sensitive trade secrets to a friend who also generated profits of around $60,000. Whilst the damage of this incident rests primarily upon Dagar, Pfizer must recognise the clear breach of its trade secrets’ confidentiality. The question that arises is what measures could have stopped Dagar from sharing Pfizer’s highly sensitive test results with competitors, had he wanted to?

Take the Next Step in Insider Threat Mitigation

Concerned about insider threats within your organisation?

Book a meeting with our experts today to develop a tailored strategy that safeguards your organisation's integrity and intellectual property.
