The November edition of the Insider Risk Digest for weeks 45-46 has revealed disturbing cases of workplace violence and the critical role of organisational culture in mitigating and responding to insider risk. The publication also delves into national security implications and the growing threat of Insider Risk, as well as the need for legislative countermeasures to help organizations defend their critical assets.
A troubling finding was brought to light in an investigation by the BBC, which revealed reports and claims by McDonald’s employees in the UK regarding sexual assault, harassment, racism, and bullying. Since the publication of the investigative article in June 2023, the BBC has received over 160 additional allegations from individuals, some of whom are underage. These individuals are planning to take legal action against the fast-food giant, accusing it of failing to protect them. The fact that most workers are not directly employed by McDonald’s, due to its use of franchise systems, raises questions about how the company can ensure thorough oversight over its franchises to improve working conditions and combat workplace violence.
Another concerning case highlighted by the Insider Risk Digest involves a recent data breach at Okta, a company that specializes in identity and access management. The breach occurred when an employee signed into their personal email on their company laptop, granting hackers access to the customer support system. While the employee clearly violated company policy, the incident also underscores the importance of senior management implementing thorough countermeasures to reduce the impact and likelihood of insider incidents.
In yet another disturbing incident, a former UBS employee was sentenced to seven years for stealing almost $2 million from the bank and laundering the illegal proceeds through luxury purchases during the pandemic. These recurrent cases concerning financial institutions raise concerns about the lagging internal monitoring measures and the lack of support provided to employees, highlighting the need for a review of the organisational culture within the sector.
Furthermore, South Korean prosecutors have been calling for harsher sentencing against individuals compromising the proprietary information of leading South Korean organizations, such as Samsung, amid rising cases of industrial espionage. The need for legislative safeguards protecting critical national players from losing their intellectual property to strategic foreign competitors has been underscored by the alarming trend of industrial property theft cases.
Lastly, the Australian Government’s Critical Infrastructure Annual Risk Review highlighted espionage and foreign interference as the principal national security concern, supplanting terrorism as the biggest threat. This shift emphasizes the need for organizations, both public and private, to take action to safeguard their vital assets.
In conclusion, the Insider Risk Digest for weeks 45-46 has shed light on a range of alarming incidents and trends, prompting urgent discussions on the need for comprehensive solutions to address insider risk and protect critical assets. With the evolving landscape of insider threats, the role of organizational culture, legislative countermeasures, and internal monitoring measures has become increasingly critical in mitigating and responding to insider risk. Stay updated with the intricate world of insider threats for further insights and analyses on these pressing issues.