How Behavioral Intelligence Can Combat Foreign Interference

Foreign Interference Case Study

Foreign interference is arguably the biggest threat facing national security today, as adversaries increasingly weaponize insiders to advance their strategic objectives.

DTEX first revealed the gravity of the threat in the 2024 Insider Risk Investigations Report, noting a 70% increase in organizations seeking support in protecting against foreign interference since 2022. According to the report, 43% of investigations involved theft of intellectual property (IP) or non-sensitive proprietary data. The report also sheds light on the lengths adversaries are going to, often blending external and internal tactics, like social engineering, to take data and evade detection.

The concern isn’t going away; the Department of Homeland Security recently issued a memo outlining its top five priority risk areas. Coming in at number one is combatting “cyber and other threats posed by the People’s Republic of China”. The memo also highlights the threats from other malign “grey zone” activities, including “financial investments in infrastructure and emerging technologies, traditional espionage, and insider threats.”

Whether it’s prepositioning on critical infrastructure for future sabotage or stealing competitive IP at a tech giant, the appetite for spying to gain knowledge and power has never been greater. Staying ahead of foreign interference is a key priority for protecting sensitive data and national interests. This starts with behavioral intelligence.

The power of behavioral intelligence

Because foreign interference is a human challenge, there is no quick fix for combating it or the data theft associated with it. Acts of foreign interference or espionage are driven by specific motivations and intentions, both of which are human-driven concepts (not technological). While well intentioned, Data Loss Prevention tools don’t work because they don’t understand intent, nor were they designed to.

Without understanding intent, organizations cannot detect the risk of data theft or loss – they can only respond to it after the fact.

Organizations that have a mechanism for understanding user intent based on behavioral intelligence (i.e. insights on how and why the user interacts with data, machines, applications, and people) can intercept foreign interference and data exfiltration before significant harm occurs.

Case study: Uncovering foreign interference

DTEX Systems Co-Founder and President Mohan Koo recently wrote about the rise of IP theft stemming from foreign interference, especially among tech, pharma, and critical infrastructure industries. Of particular concern are foreign talent plans, where nation states recruit, plant, and pay their own civilians to steal data from another organization in exchange for money.

This particular use case is on the rise, and it is one for which DTEX is frequently pulled in for investigations support.

In one investigation, DTEX investigators found that an individual had been recruited, planted, and paid by a nation state actor to steal sensitive IP at a major technology company. The individual was a third-party contractor with privileged access, just six months into their employment.

By leaning into the behavioral insights of the user, afforded by the InTERCEPT platform, the investigators were able to quantify the individual’s risk and step in early to disrupt further malicious activity.

The video below explores this specific case study and how the investigation played out. Importantly, the case study demonstrates the power of behavioral intelligence in enabling early detection and mitigation for use cases associated with foreign interference and IP theft.

Supporting prosecutions

Thanks to the platform’s forensic audit trail, DTEX was able to prove that the individual was lying during subsequent interviews, and ultimately drove the individual to come clean.

It was discovered that the individual had paid for a flight back to their recruiting country, but DTEX’s timely response enabled the company and FBI to apprehend the individual and pursue prosecution.

In the end, the individual pleaded guilty and cooperated, providing further insights beyond what was originally asked.

It is almost certain the individual’s motives for engaging in nation-state espionage and IP theft were for financial gain and that they were planning to carry out IP theft of AI R&D at other tech companies.

Staying resilient

The above case study demonstrates the power of behavioral intelligence and understanding intent in countering foreign interference and insider threats to protect sensitive IP and mission-critical entities.

By leaning into actionable behavioral data across the Insider Threat Kill Chain, organizations can provide early detection and mitigations to combat foreign interference and insider threats before it’s too late.

Quick FAQ

What is the threat of foreign interference?

Foreign interference presents a significant threat to national security and the foundations upon which civilians rely and thrive. Depending on how it manifests, foreign interference can arm adversaries with sensitive information that can be weaponized to advance their strategic objectives (often military, economic, or technological) at the expense of the target country.

In the context of insider risk management, foreign interference might play out as unauthorized data access, IP theft, or system sabotage (for example, disrupting critical infrastructure services). The ramifications can be severe, jeopardizing national security, undermining democracy, and eroding public trust. For more information on the threat of foreign interference, download the DTEX 2024 Insider Risk Investigations Report.

What does foreign interference look like?

The vast majority of insider threats linked to espionage or foreign interference follow a certain pattern of activity leading up to a security breach. DTEX’s 2024 Insider Risk Investigations Report highlights the specific behaviors of malicious and super malicious insiders across the Insider Threat Kill Chain – many of which have been linked to foreign interference and espionage.

Understanding the detailed steps, or behaviors, leading up to an insider attack plays a big part in preventing a data loss incident, enabling organizations to identify and mitigate issues before a breach or security incident occurs.

Visibility into the entire kill chain — not just one or two steps — is imperative. This is because the earlier phases of the kill chain hold the answers to some of the most important questions, both for incidents that have yet to fully unfold and for those that have already occurred.

To learn more about the specific potential risk indicators associated with foreign interference, read our Threat Advisory for Detecting, Deterring, and Disrupting Foreign Interference.
