Foreign intelligence agencies are trying to recruit tech staff in big businesses in an attempt to gain access to vital IT systems, MI5 has warned British business chiefs.
In recent months, the UK security service has had a series of "high-level conversations with executives" to warn of the risk, according to the Financial Times. Targeting IT staff — who often have unfettered access to the most important systems — is seen as one of the quickest ways to gain access.
The security service is warning that IT workers have been recruited to help overseas spies gain sensitive personnel information, steal corporate or national secrets and even upload malware to compromise the network.
It's not the first time that techies have been warned that foreign powers may be trying to seduce them. MI5 has previously warned that IT staff travelling abroad are being targeted by foreign spies in an attempt to steal details of cutting-edge technologies and research, and said that they should be aware of local laws on social and sexual behaviour in order to avoid the risk of 'honeytrap' blackmail.
Large companies are regularly targeted by hackers, whether criminal and controlled by security services. And while intellectual property such as designs for new products or details of contracts is the most common target, there is also concern that hackers are looking for vulnerabilities in systems that could be used as part of cyberwarfare planning.
According to the UK government's 2014 Information Security Breaches Survey, around five percent of the companies had suffered deliberate sabotage by staff of systems or data. While it's a low number, the report warned "deliberate sabotage by staff, when occurring, is moving towards becoming a repeated offence."
Larger companies are more likely to experience a staff-related security problem, perhaps because the complexity of their systems makes it easier for staff act inappropriately without getting caught.
According to the survey, 58 percent of large organisations suffered staff-related breaches. Most employee-related incidents involved unauthorised access to systems or data such as using someone else's ID to access systems. Workers accidentally lost confidential information at more than half of large organisations, and actively misused it at a third of them. "These results indicate that staff still play a key role in security breaches particularly for large organisations," the report said.
The UK government has been ramping up its cybersecurity efforts recently, noting "Terrorists, rogue states and cyber criminals are among those targeting computer systems in the UK."
It has launched the CERT-UK security coordination body and run a number of cyber wargames. The government also held a meeting with banks, water, energy, communications and transport companies along with the security and intelligence agencies to discuss steps needed to boost security.