Cyber hackers know the weakest spot to target: unhappy employees
Loyalty has become the frontline of cyber defence. A disaffected employee is more dangerous than the most sophisticated malware, writes Paul Armstrong
October is the month of cybersecurity, so expect to hear a lot about firewalls, zero-days and state-sponsored hackers for the next few weeks. The BBC insider-threat story should be a flashing red warning light for the many leaders who are soft firing, not investing, denying requests and generally not worrying about their meatbags.
Why? Not the technology, but the psychology. A ransomware gang approached a journalist with a simple proposition: hand over your corporate keys and never work again. No brute-force attack. No dark-web exploits. Just a direct appeal to human frustration. Hackers know the softest target is not code, but your unhappy people. Now ask yourself, after years of below-cost-of-living wage rises and watching record CEO bonuses, are your employees more or less likely to be tempted?
Businesses should pay attention because this is not an isolated stunt. Insider threats are rising precisely because the global workforce is restless. Employees are bombarded daily with recruiter emails, LinkedIn messages, private WhatsApps, and counteroffers. Now criminal syndicates are promising life-changing wealth in exchange for a login and a moment of complicity. The calculation is as ugly as it is brutally simple. Why keep grinding for incremental pay rises when criminals promise financial freedom? Boards and investors who still treat employee engagement as a soft metric could well be adding to their own list of problems and increasing risk exposure.
But don’t they all get caught? Here’s the brilliant bit. No. Many breaches are misattributed to “external” threats because attribution is messy. Sophisticated syndicates exploit........
© City A.M.
