Welcome to this month’s Insider Risk Digest. This month, we explore a range of insider threats affecting sectors from government to entertainment and pharmaceuticals. Highlights include potential espionage in critical infrastructure projects, a former CIA analyst’s espionage charges, and significant corporate breaches at Disney and Roche. We also examine ethical controversies at OpenAI and organized crime’s impact on European ports.

European countries continue to hire Russian technicians and freelancers to map and inspect critical infrastructure in the North Sea. With rising geopolitical tensions, however, the risk that Russia exerts influence on these individuals to facilitate intelligence collection is high. Legitimate access to critical infrastructure allows for the collection of sensitive information, increasing the threat of sabotage and espionage. Despite the strong attention insider risk and hybrid warfare are receiving, a total overview of all vulnerabilities is absent. These seem to be lying in the third-party environment such as hired companies, suppliers, and freelancers.

A former US Central Intelligence Agency Analyst has been indicted over charges of acting as a spy for the South Korean government in exchange for luxury items. Her work for the South Korean government allegedly began after she stopped working for the Central Intelligence Agency and National Security Council, but had not registered herself as a foreign agent. Under secret instructions from officials of the Republic of Korea (ROK) government, Terry publicly promoted ROK policy positions, leaked confidential U.S. government information to ROK intelligence agents, and facilitated ROK officials’ access to U.S. government personnel. In return for these activities, ROK intelligence officers supplied Terry with luxury items, lavish dinners, and over $37,000 in funding for a public policy program on Korean affairs that Terry managed.

Disney finds itself at the centre of an insider risk incident as it investigates a massive leak of internal messages. Whilst compromised by a group of hackers, the hackers have stated that they accessed Disney’s Slack channel through an insider. The hacker group claims to defend and protect artists’ rights and fair compensation, following a rise in AI-generated artwork. 

Pharmaceutical giant Roche has initiated legal action against Foresight and Stanford University, alleging the misuse of trade secrets. The lawsuit claims that proprietary information was unlawfully utilised, potentially impacting Roche’s competitive edge. Specifically, Roche argues that Foresight and Stanford have applied for patents relating to cancer detection and monitoring technology using confidential information. Foresight’s founders had worked for Roche as consultants and contractors. 

OpenAI faces allegations from whistleblowers who accuse the company of imposing illegally restrictive non-disclosure agreements (NDAs). The accusations suggest that these NDAs may have been used to silence employees and prevent the reporting of unethical practices, with the internal whistleblowing mechanism overly restrictive.  

Tran-shipment company Bulk Terminal Zeeland has been ordered to close for a year due to its involvement in major cocaine trafficking cases. The firm’s operations and directors were found to be deeply entangled in illegal activities, potentially posing as a front company. This news comes following rising concerns that smaller ports in the Netherlands and Europe are being targeted by organised crime due to the increase in surveillance and mitigation measures in Rotterdam and Antwerp. 

Thank you for reading this edition of the Insider Risk Digest. These cases underscore the urgent need for robust insider risk management. If you found this digest useful, share it on your socials and stay tuned for more updates.