The spy who loved IT: Are your techies being recruited by foreign agents?

The spy who loved IT: Are your techies being recruited by foreign agents?

Summary: Intelligence agencies see recruiting tech staff as a quick way to access corporate secrets, warns MI5.

SHARE:

Foreign intelligence agencies are trying to recruit tech staff in big businesses in an attempt to gain access to vital IT  systems, MI5 has warned British business chiefs.

In recent months, the UK security service has had a series of "high-level conversations with executives" to warn of the risk, according to the Financial Times. Targeting IT staff — who often have unfettered access to the most important systems — is seen as one of the quickest ways to gain access.

The security service is warning that IT workers have been recruited to help overseas spies gain sensitive personnel information, steal corporate or national secrets and even upload malware to compromise the network.

It's not the first time that techies have been warned that foreign powers may be trying to seduce them. MI5 has previously warned that IT staff travelling abroad are being targeted by foreign spies in an attempt to steal details of cutting-edge technologies and research, and said that they should be aware of local laws on social and sexual behaviour in order to avoid the risk of 'honeytrap' blackmail.

Large companies are regularly targeted by hackers, whether criminal and controlled by security services. And while intellectual property such as designs for new products or details of contracts is the most common target, there is also concern that hackers are looking for vulnerabilities in systems that could be used as part of cyberwarfare planning.

Read this: Inside the secret digital arms race: Facing the threat of a global cyberwar

According to the UK government's 2014 Information Security Breaches Survey, around five percent of the companies had suffered deliberate sabotage by staff of systems or data. While it's a low number, the report warned "deliberate sabotage by staff, when occurring, is moving towards becoming a repeated offence."

Larger companies are more likely to experience a staff-related security problem, perhaps because the complexity of their systems makes it easier for staff act inappropriately without getting caught.

According to the survey, 58 percent of large organisations suffered staff-related breaches. Most employee-related incidents involved unauthorised access to systems or data such as using someone else's ID to access systems. Workers accidentally lost confidential information at more than half of large organisations, and actively misused it at a third of them. "These results indicate that staff still play a key role in security breaches particularly for large organisations," the report said.

The UK government has been ramping up its cybersecurity efforts recently, noting "Terrorists, rogue states and cyber criminals are among those targeting computer systems in the UK."

It has launched the CERT-UK security coordination body and run a number of cyber wargames. The government also held a meeting with banks, water, energy, communications and transport companies along with the security and intelligence agencies to discuss steps needed to boost security.

Further reading

Topics: Security, Government UK, EU, United Kingdom

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Foreign Agents?

    seems many here are being recruited by Google's PR department in the USA....
    William.Farrel
  • Beware of the CEO

    Given the total amount CEO's and the amount of them who are willingly been removed from their posts (hardly ever one of them is prosecuted) the real question should be "How to stop your president of stealing the company blind"
    Eric-Jan.H