In this edition of our Insider Risk Digest for weeks 43-44, we dissect pivotal cases from IP theft in the pharmaceutical sector to corporate espionage impacting global semiconductor competitiveness, and the use of deep fake technology for employment fraud funding missile programs. We explore how these insider risks shape strategic business outcomes and national security, highlighting the need for stringent data protection and thorough vetting of third-party affiliations. Stay updated with the intricate world of insider threats as we provide insights and analyses on these pressing issues.
A former employee of a Novartis affiliate has been accused of stealing data from his former employer, and bringing it to Takeda. The implicated individual worked as operations lead for cell and gene therapy at Novartis’ Egypt branch, and allegedly transferred some 10,000 files to his personal file before his departure from the company. The files are said to include “sensitive, confidential documents”, including technical and financial data. High-profile cases concerning the loss and compromise of proprietary information are increasing in the pharmaceutical sector. Novartis is now asking Takeda if they can inspect Takeda’s business records to identify whether any of its confidential information had been used improperly. Takeda is reluctant to cooperate however, perhaps seeking to protect its newly gained information.
Two large failures must be accounted for. The first is a lack of data protection mechanisms, monitoring the download of data and its transfer through insecure flows. Furthermore, this case serves as a stark reminder that off-boarding procedures must be proactive, with 12% of departing employees bringing intellectual property from their previous employer with them to their new position.
What’s more, is that this phenomenon has also recently hit ASML, a global innovation leader in the semiconductor industry based in the Netherlands. A former ASML employee has been accused of stealing trade secrets, in a case concerningly similar as that of Novartis above. The Chinese national had been accused of stealing trade secrets in early 2022, but it has recently been reported that he has now been employed by China-backed Huawei. Amid increasing geopolitical tensions, ASML and other European and American semiconductor companies have accused China of stealing not only intellectual property, but also talent. This case highlights the role insiders can play not only from a competitive and reputational perspective, but also their effect on strategic competitiveness between countries.
A former Siemens Energy executive has been charged for an alleged conspiracy to steal Mitsubishi Heavy Industries and General Electric trade secrets. This allegedly facilitated Siemens’ efforts to earn a procurement contract of around $300,000,000 to build a turbine plant for Dominion, an energy provider in Virginia. The information was acquired through convincing a Dominion employee to share information over the competitor’s bids in exchange for gifts. This allowed Siemens Energy to undercut the competitor’s, giving them a large advantage as price is a large determinant factor deciding who wins a tender competition. This case highlights the increasing incidents regarding insider risk in tender competitions. Whilst in the case of Dominion the insider compromised the fair competition, tender’s can also be subject to unfair competition of a strategic nature. For example, Huawei has been accused of stealing information on competitor’s tender bids to establish strategic dependencies for European countries. As such, insider threats must also be increasingly understood in the realm of procurement and tender competitions.
A former National Security Agency employee attempted to sell classified information to someone he believed was a Russian agent. Little did he know that this was an undercover FBI agent. The former NSA employee attempted to sell copies of classified information marked top secret. The employee displayed signs of ideological motivation for his actions, stating that there “was an opportunity to help balance scales of the world whilst also tending to my own needs”. The employee was looking for around $100,000 in compensation for the information he had shared. This serves as a stark reminder that whilst organisations, especially governmental agencies, are on high-alert for infiltration by external threat actors, no less attention can be given to insiders, especially those showcasing ideological diversions.
Whilst on the surface, the connection between deep fake IDs and Ballistic Missiles might seem far-fetched, the recent press conference held by the FBI and the Department of Justice proves otherwise. According to Jay Greenberg, FBI’s special agent in charge, thousands of IT workers contracting with U.S. companies have been secretly sending millions of dollars from their wages to fund North Korea’s ballistic missile program. This strategy is targeting freelance positions, where North Korean individuals applied for these positions using posing as non-North Korean nationals through deep fake IDs and fake addresses in the U.S. This has reminded the risk in hiring and contracting third-parties, including the need to perform due diligence. In fact, the value of screening should not be lost when contracting third-parties or freelancers who will be associated with an organisation and have privileged access to its information.