Insight

Data security, intellectual property, and operational continuity are at risk from insiders. Intentional and unintentional acts can expose businesses to losses. But getting Insider Trust right isn’t just setting up a one size fits all DLP tool.

For most businesses, insider threats are not spies placed or recruited by foreign governments. They’re much more likely to be normal employees tight on cash or angry with a coworker. These folks might sell their credentials, your data, or other proprietary business information online.

LAPSUS$, a criminal group, saw two of its teenage members sentenced to jail in the UK just this week and had recruited insiders for cash.

Hoping folks follow the rules isn’t an insider threat program.
Hope will not alerts managers something is amiss with an employee.

Insiders are not just those strapped for cashing. Some just want to feel important. Appeals to their ego, alongside gifts and firm handshakes, will help these folks open doors. An insider a Twitter abused legitimate access to his workstation to help Saudi Arabia identify and track dissidents in the US—some of whom were actually kidnapped and renditioned back to the kingdom.

Without an intentionally crafted insider trust program, there’s little hope of catching these folks in the act.

Fully account for the ways in which intentional and unintentional behavior can harm your firm is just the first step to preparing an insider trust program. Identifying pathways to harm, the proper use of tools and rules to prevent those actions, and fostering a culture of caring about employees is critical to making the most of your insider trust program.

For more information or assistance on these issues, please reach out to intel@ks.group.

Forwarded this ExecBrief by a friend? Click below to sign up for our weekly dispatch.

Global Scan

Geopolitics

1. BRICS Aims for Historic Expansion, Invites Six New Member-States: The symbolic grouping of Brazil, Russia, India, China, and South Africa extended invitations to Argentina, Egypt, Ethiopia, Iran, Saudi Arabia and the United Arab Emirates to join next January. Moscow and Beijing in particular see BRICS as a possible counterweight to Western trade and financial mechanisms, though success has thus far proven elusive.

2. Germany Drafting New Foreign Investment Screening Rules: Draft legislation envisions auditing foreign investments’ prospective access to goods or technologies, beyond merely voting shares. The Ministry of Economy is also the ministry is also considering reviews on the security significance of new facilities and R&D arrangements with foreign entities.

Cybersecurity

1. British Intelligence Tipping Off Ransomware Targets: Leveraging their unique and exclusive access to a range of threat feeds, the security services have established a free system, called Early Warning. Organizations and companies, however, must opt into the service themselves to receive alerts – as of 2022, only a fraction have done so.  

2. Seoul Looks to Combat North Korean Hackers: After urging the military’s cyber command last spring to shift from a defensive mindset to more preemptive, active operations, President Yoon Suk Yeol joined the US and Japan in a recent joint statement on countering North Korean cyber operations.

3. Microsoft Says China-Based Actor Targeting Taiwan: The espionage campaign, ongoing since 2021 and dubbed “Flax Typhoon,” is focused primarily on government agencies, education, critical manufacturing, and information technology organizations.

Strategic and Emerging Technology

1. Huawei Building Secret Chip Network, Trade Group Says: Backed by tens of billions in state funding, the company intends to leverage at least five production facilities in China under corporate pseudonyms to skirt US sanctions, according to a US-based semiconductor industry association.  

2. Researchers Claim Graphene Breakthrough for Hydrogen Energy: Available means to generate and use hydrogen depend on expensive and polluting catalysts and membranes. A new method promises fundamentally new ways to induce chemical reactions, which could revolutionize lower-cost hydrogen-related technologies.

3. Cloud-Based Water-Heaters?: A UK-based initiative uses distributed cloud servers and thermal-transfer technology to heat homes, make cloud service more accessible to smaller businesses, and reduce carbon emissions.

Policy/Regulation

1. EU’s Digital Service Act Poised for Enforcement: As of this week, the world’s largest social media companies, e-commerce platforms, and search engines will be required to comply with the legislation, which entails sweeping fines of up to 6 percent of global annual revenue for violations around user privacy, data protection, and illicit content.

2. US Cyber Director Extends Deadline for Input on Industry Requirements: Commercial entities, non-profits, and researchers now have until October 31 to submit their comments and evidence regarding new baseline cybersecurity requirements. Of particular interest: harmonizing critical infrastructure and other industry baseline standards.  

3. FCC Kicks Off “US Cyber Trust Mark” Program: An initial call for public comment on the new program – designed around NIST cybersecurity standards – aims to conceptualize its scope, oversight, compliance markers, and consumer familiarization.

Bookmarks

1. Carnegie Endowment: Battery Deal Signals New US Approach toward Africa

2. Center for Security and Emerging Technology: Assessing South Korea’s AI Ecosystem