Cybercriminals are increasingly targeting employees as a way into company systems, with insider threats now posing a serious and growing risk.
In one recent case, a BBC reporter revealed how a ransomware gang tried to recruit him through a messaging app, offering a share of a ransom if he provided access to BBC systems. The attempt escalated into an MFA bombing attack on his phone, a method used to pressure targets into approving login requests.
This form of insider targeting is becoming more common. For example, the UK’s Information Commissioner’s Office recently found that over half of insider cyber attacks in schools were carried out by students, often using guessed or stolen credentials. In the private sector, insiders have caused major breaches, including a former FinWise employee who accessed data on nearly 700,000 customers after leaving the firm.
Security researchers warn that ransomware groups now actively seek staff willing to trade access for money, rather than relying solely on technical exploits.
To reduce the risk, businesses are advised to enforce strong offboarding, monitor user behaviour, implement phishing-resistant MFA, and raise staff awareness about insider recruitment tactics.
