Insider Threat Management

Gitlab’s Hiring Ban Considerations Reflect the Rise of Nation-State Threats

Share with your network!

TL;DR: Gitlab recently said that it would consider a hiring ban from China and Russia for employees who handle sensitive customer data. This discussion points to the rise in concern for nation-state threats. Here’s what to watch out for.

Gitlab, an enterprise code hosting platform with a fully remote workforce, recently said that it would consider a hiring ban from the countries of China and Russia, after customers expressed concern over who was handling their most sensitive data. The company stores open source code on behalf of enterprise customers on a cloud-hosted server (there’s also an on-premises option), and provides support services, as well. 

The ban, if implemented, would be limited to employees with the title of site reliability engineer and support engineer, as these employees have full access to sensitive customer data. With hires like these, trust is of utmost importance. However, the geopolitical climate in both China and Russia has given many companies cause for concern when it comes to nation-state threats

What Are Nation-State Threats?

Nation-state threats, otherwise known as state-sponsored Insider Threats, happen when a trusted employee or contractor is working on behalf of a foreign government to gain access to and exfiltrate sensitive data. While this scenario may seem as if it’s lifted from the silver screen, corporate espionage has been on the rise in recent years. In 2019, U.S. officials have named China as the U.S.’ top intelligence threat, with both economic and political motivations to gain access to insider secrets. In addition, Russia’s sophisticated nation-state hacking operations are nothing to ignore. 

Many companies, including Amazon last fall, have recently experienced state-sponsored threats. Foreign governments will often rely on trusted employees to gain access to sensitive customer data, trade secrets, or intellectual property. Often times these insiders can go undetected without the right Insider Threat management tools in place. The most successful companies combine HR-led initiatives like hiring freezes (such as the one being discussed at GitLab) and background checks with Insider Threat management strategies. 

Be Vigilant of State-Sponsored Insider Threats

Nation-state Insider Threats are often very sophisticated and can fly under the radar, in some instances stealing secrets unnoticed for months (or even years!) Sometimes, fellow employees and HR teams can detect suspicious behaviour among these malicious insiders. However, having a dedicated Insider Threat management solution can help fill in the gaps for unsuspecting teams. 

Here’s why: Insider Threat management tools monitor a combination of user and data activity, which is particularly useful since nation-state threats are exfiltrating data (often very quickly) outside the organisation. Without these types of tools in place, dwell time can be significant for state-sponsored insiders, who often can be privileged users with administrative credentials. Solutions like Proofpoint ITM can detect suspicious user activity and quickly alert the security team. From there, security analysts can see detailed timelines of user activity, as well as metadata on server access and file movement — providing much-needed context into who did what, when, where and why.

Combined with personnel-centric approaches like the one being explored by Gitlab, organisations can successfully reduce the risk of nation-state threats in their servers.

Want to learn more about state-sponsored threats? Check out our guide!

Spies Among Us: The Rise of State-Sponsored Threats