By Jess Pembroke, Director of Information Law Services
As the modern workplace has evolved, so too have the boundaries of security. Historically, data breaches often stemmed from physical access – someone walking out with a USB stick or leaving a file on a train. Today, however, threats have adapted to the digital environment with the rising increases of “insider” threats. With remote access now common across many industries, it has become easier to gain access to data or trade secrets without ever setting foot in the office.
A recent article written by BBC a journalist discusses how he was approached by cybercriminals offering money to break into the BBC[1]. They mistakenly assumed he had privileged access and offered him a share of the money from an attack. When the journalist slowed his engagement with them the attackers stepped up the pressure, he said
“As I held my phone in my hands, the screen filled with a new request every minute or so. I knew exactly what this was a hacker technique known as MFA bombing. It’s a tactic where attackers flood your device with authentication requests, hoping you’ll approve one out of frustration or confusion.”[2]
In this case the journalist did not engage with the criminals, and the BBC took steps to protect themselves from attempt, but attackers will be using these techniques on many other organisations across the UK and Europe.
In addition to being enticed by cyber criminals there are many other cases of employees either stealing IP or leaking personal data such as in August 2025, Apple filed a lawsuit against a former employee, accusing him of stealing Apple Watch trade secrets and handing them to Chinese tech firm Oppo;[3] and Tesla reported that former employees leaked thousands of personal records to a German news outlet[4].
Reducing Risks posed by Malicious Insiders
Whether driven by financial gain, personal grievances, or being manipulated, employees or contractors with access to sensitive systems and data can cause serious harm. There are proactive steps organisations can take to reduce the likelihood and impact of insider-driven breaches, which include:
- Limit Access
Apply role-based access controls. Only give people access to what they need and review it regularly. - Monitor Behaviour
Watch for unusual downloads, access patterns, or attempts to bypass controls. Your IT service or providers should have alerts and act when these alerts are triggered. - Educate and Train
Insider threats often stem from ignorance, not malice. Regular training on data handling, IP protection, and breach reporting is essential. - Use Secure Collaboration Tools
Avoid sharing sensitive data via spreadsheets or email. Use platforms with audit trails and permission controls. - Run Tabletop Exercises
The NCSC’s Exercise in a Box is a great way to simulate insider threat scenarios and test your response. - Enforce Exit Protocols
Ensure departing staff understand their obligations. Revoke access immediately.
Cybersecurity isn’t just about keeping the bad guys out; it’s about recognising that the threat may already be inside. Your organisation places trust in its employees to follow security controls, including coming forward when they’re approached or enticed by malicious actors. But that trust must be supported by culture.
Do you have an open environment where staff feel safe to report suspicious behaviour, near misses, or data breaches?
Is there a clear and well-understood escalation process?
Building a culture of transparency and accountability is just as critical as deploying technical safeguards. Without it, even the best security systems can be undermined from within.
If your organisation would benefit from a refresh on data protection breach management, enquire about our course: Information Security & Data Breach Management
[1] ‘You’ll never need to work again’: Criminals offer reporter money to hack BBC – BBC News
[2] ‘You’ll never need to work again’: Criminals offer reporter money to hack BBC – BBC News
[3] Apple Sues Ex-Employee Who Allegedly Stole Apple Watch Secrets for Chinese Rival Oppo [Updated] – MacRumors
[4] Tesla says former employees leaked thousands of personal records to German news outlet | SC Media