The Wagner Law Group | Est. 1996

FAMOUS CHOLLIMA: The Hidden Cyber Threat Lurking Among Your Remote Hires

By Josh Cook | Feb 7, 2025

Ever since the COVID-19 epidemic popularized offshore remote work, many organizations have learned to embrace these positions. There have been incentives for doing so, such as the astounding pay differential between domestic and offshore remote workers. The benefits of hiring these remote employees must be balanced against the potential cybersecurity consequences. Organizations have opened themselves up to cyber threats and potential sanctions through the remote hiring process.

The Democratic People’s Republic of Korea (“DPRK”) is a major actor in state-sponsored cybercrime. Threat actors operating out of the DPRK typically seek monetary gain in an effort to evade sanctions. One such threat actor, dubbed Famous Chollima by American cybersecurity technology company CrowdStrike, exploits the remote hiring process to infiltrate organizations and become insider threats. Members of Famous Chollima pretend to be offshore tech hires, falsifying resumes, generating profiles via artificial intelligence, and utilizing deception during hiring. Once hired, they use “laptop farms” to disguise their location, pretending to be in the Philippines, India, or some other foreign country. They collect a salary while harvesting sensitive data and learning critical details of corporate IT and security infrastructure for later sale or direct exploitation. CrowdStrike has uncovered Famous Chollima applying to or working at more than 150 organizations.

This threat is worrisome and problematic in its own right. Exposure of sensitive data could lead to reputational harm as well as regulatory scrutiny and penalties under the General Data Protection Regulation (“GDPR”), California Consumer Privacy Act (“CCPA”), and other laws. Paying the salary of someone in the DPRK—knowingly or unknowingly—could also violate Office of Foreign Assets Control (“OFAC”) regulations, leading to severe financial penalties and legal consequences for the employer.

To avoid these pitfalls of remote hiring, we encourage our clients to protect their businesses by conducting exhaustive due diligence on remote hires. For example, strict identity verification and background checks, such as cross-referencing work histories and credentials with reliable sources, should be established. Rigid adherence to access controls, continuous monitoring for behavioral anomalies, comprehensive application of endpoint security, and implementation of a strong data loss prevention program are essential to addressing insider threats. Ultimately, organizations must ensure that vendors and contractors follow strict security and compliance protocols while educating Human Resources (“HR”) and hiring managers on the risks associated with offshore hiring.

If you would like to discuss further the impact of insider cyber threats on your organization and best practices for mitigating cyber risk, please contact Joshua N. Cook of The Wagner Law Group. Our team is available to assist with compliance, cybersecurity risk management, and employment law considerations related to offshore hiring.