The FBI is warning Silicon Valley companies to be wary of insider threats, Protocol reports. FBI special agent Nick Shenkin told Protocol in an interview that authoritarian governments—mainly China and Russia—frequently pressure employees at US companies to conduct espionage.
“This is a quotidian activity,” Shenkin said. “This is a massive fundamental activity that bolsters and is one of the mainstays of many autocratic countries and their governments.”
Shenkin said the FBI is offering briefings to raise awareness about these threats.
“The reason why we're being so much more assertive about these briefings and trying to be more open with U.S. industry is because we've just come to the realization that if there is no cost, then they will continue to do what they're doing,” Shenkin said. “So the briefings are like, ‘Please American companies, raise your shields, protect yourselves, make it more expensive for the thieves to rob you, and the country is stronger, and you're stronger.’”
Shenkin stressed that employees are most often driven to espionage in these cases because they have family members living in an authoritarian country, which their governments use as leverage against them. This is one of the four types of motivations described by the acronym “MICE,” used in counterintelligence training: “M” for “money,” “I” for “ideology,” “C” for “compromise,” and “E” for “ego.”
“A lot of what the briefings cover is the idea that this is not about the ethnicity of the individual,” Shenkin said. “This is about: What is any individual's or entity's vulnerability to the jurisdiction of an autocracy? Because what we see overwhelmingly is people who end up stealing intellectual property, very often, they have no desire to be stealing intellectual property.”
He also added that companies shouldn’t be complacent just because they don’t think they have anything valuable to steal.
“If you're a quantum computing company, or a biotech company, or a green tech company, you are a juicier zebra on the Serengeti,” Shenkin said. “But they're also going for just the slowest zebra on the Serengeti.”
So help your people out by building a supportive, non-punitive, and sympathetic culture of security. New-school security awareness training can give your organization an essential layer of defense by teaching your employees to thwart social engineering attacks.
Protocol has the story.