MI5: Your junior IT employees are being groomed to steal information

Britain’s MI5 has warned corporate leaders that foreign spies and agents are recruiting IT employees to get access to classified information.

The Financial Times, which quoted anonymous Whitehall officials, said that MI5 spoke to corporate executives on the matter of increasing their "digital defences".

Officials warned that IT staff are vulnerable to honey-traps, and insider threats such as espionage from within a company go overlooked by most firms.

The FT said: "Grooming a source with access to highly sensitive information used to be a process that cold war spymasters would spend years orchestrating, but now, even the most junior IT employees can be highly coveted intelligence assets thanks to their often wide-ranging network privileges."

Cyber-attacks are ranked as a "tier 1 threat" by the UK’s national security risk assessment. This is defined as an event that will probably occur, and with it bring major impact.

Ross Brewer, vice president of LogRhythm, said: "By traditionally focusing on external hackers, businesses have often ended up overlooking the significant security threat posed by those on the inside. Used to nameless, faceless perpetrators, it’s understandably more difficult to accept that the culprit may be sat right next to them, however continuing to ignore this could now lead to catastrophic consequences.

"Indeed, employees of all levels – from the CEO all the way down to the junior IT assistant – are in the frame and could potentially expose data that threatens not just the company, but the entire nation’s secrets. With threats coming from all angles, businesses now more than ever need to be aware of exactly what is happening across their IT network at all times. To gain this level of visibility, proactive continuous monitoring of all activity must be in place.

"After all, these foreign agencies will be teaching their targets the most sophisticated tactics in order to help them bypass traditional security tools and access company information undetected. As the insider threat gets bigger, ignorance is no longer bliss – only by taking control and monitoring both external and internal activity will businesses be able to compete with the bad guys."