North Korea is infiltrating Fortune 500 companies with fake employees. They create authentic LinkedIn profiles, excel in remote interviews, collect salaries, and secretly steal intellectual property, cryptocurrency, and system access. This isn't a future threat. It's happening right now across more than 40 countries. In this episode of Follow the White Rabbit, Link11 ISO Kofi Osae-Attah sits down with Kritika Roy, a senior threat intelligence researcher at DCSO in Berlin. Together, they map the threat landscape that most security teams only partially see.

Kritika's work sits at the intersection of geopolitics and cybersecurity — and that intersection is where the full picture emerges. China is running long-term intelligence operations aligned with its five-year economic plan. Russia is focused on disruption and sabotage, especially since invading Ukraine. Iran is tracking dissidents and targeting organizations with Israeli ties. And North Korea? It's doing it all — stealing money to fund weapons programs, embedding operatives inside companies, and learning by doing. The line between nation-state espionage and cybercrime has blurred to the point of being nearly indistinguishable. Threat actors are buying ransomware on the dark web as if it were Amazon. Attribution is becoming more difficult. Defenders are falling behind.

The most important insight from this conversation isn't technical; it's contextual. Geopolitics determines who targets you, when, and why. A NATO summit, a trade dispute, or an election can trigger a wave of tailored phishing campaigns and targeted intrusions. Kritika's advice to security teams isn't to become intelligence agencies. Rather, it's to read the news, understand the motivations behind attacks, and stop treating every threat with the same level of urgency. Prioritize based on context. If you're hiring remotely, ask your candidates what the local food is like. You'll be surprised at how much that one question can reveal.

1. North Korean IT workers are already inside companies. They are hired through legitimate job platforms, work as regular employees, and use their access to steal money, intellectual property, and system knowledge. The fix? At a minimum, conduct one in-person interview.
2. Geopolitics is a threat intelligence tool. Phishing lures are timed to coincide with summits, elections, and conflicts. Knowing what's happening in the world allows you to anticipate what's coming at your organization.
3. The four main threat actors have different goals. China wants intelligence. Russia wants to cause disruption. North Korea wants money and knowledge. Iran targets dissidents and organizations related to Israel. Knowing who you're up against changes everything about how you defend yourself.
4. The line between cybercrime and nation-state activity is disappearing. Nation-state actors are purchasing off-the-shelf malware on the dark web. Attribution is becoming more difficult. Security teams need to adapt their thinking.
5. Fundamentals still win. Patch management, identity security, endpoint visibility, and regular red team exercises are not boring basics; they're essential. They're the difference between being resilient and being exposed.

Subscribe to Follow the White Rabbit.

If this conversation changed the way you think about hiring, threat intelligence, or geopolitics, tell someone. Subscribe on your preferred platform, leave a review, and share this episode with your security and HR teams. Both need to hear it.

Take a look at Kritika Roy's Linkedin profile or the DCSO Website

MITRE ATT&CK – North Korea Threat Groups

FBI Advisory: North Korean IT Worker Threat (2024)

Mandiant / Google: APT Overview by Nation State

In this episode of Follow the Rabbit, host Kofi Osae-Attah sits down with Luigi Rebuffi, founder of the European Cybersecurity Organization (ECSO) and the Women4Cyber Foundation, for a deep dive. Drawing on his 40-year background in nuclear engineering, Luigi challenges the industry to move beyond digital resilience, which he views as a static buzzword, toward a more holistic, systemic approach to resilience.

He argues that most organizations are fighting the "old war," treating cybersecurity as a linear compliance checklist. In contrast, systemic resilience is inspired by complex systems theory. It focuses on nonlinear interdependencies (the "mesh"), where a failure in a minor component can lead to a crisis, but where optimized investment in these interactions can also create "double value," improving safety and operational efficiency.

The conversation also covers the "positive cascade" of the human factor, why government resilience must shift from "fortress" mentalities to flexible meshes, and how a Bayesian approach to risk management can help leaders navigate a non-binary world.

Takeaways

1. Resilience Beyond the Digital: Digital resilience is only one sub-element of a larger system. Systemic resilience considers the interaction of all parts - mechanical, environmental, and human - to prevent total collapse.
2. The "Ferrari" Analogy: You can have the perfect cybersecurity "engine" (tools), but if your "tires" (human training or third-party dependencies) are flat, the system won't be resilient. We must assess the interaction between parts, not just isolated components.
3. The Human Factor as a Resource: Although the human factor is often blamed as a vulnerability, it is fundamental to resilience. Luigi argues that organizational systems should be designed so that human error doesn't lead to catastrophic failure.
4. From Linear to Systemic Risk: Traditional risk management is Newtonian, or cause-and-effect. Modern resilience requires a Bayesian approach that maps the probability of "hidden crises" within a complex mesh of factors.
5. Sovereignty as a Dynamic Mesh: Government resilience shouldn't rely on building a static "fortress." True sovereignty comes from controlling the "mesh" - the links and interactions between existing partners - to maintain control.

Why Listen?

Are you tired of the same old "compliance-first" discussions? This episode offers a radical, engineer-led perspective on the future of European strategy. Luigi Rebuffi offers a blueprint for how organizations and governments can stop constructing static fortresses and begin to understand the dynamic interdependencies of the modern world.

Love the show? Make sure to like, follow, and subscribe to the Follow the Rabbit podcast!

You'll find Luigi on Linkedin.

Here you find more information about the ECSO.