Layoffs and hiring freezes triggered by tariffs can heighten the risk of insider threats, an FBI veteran tells Cybernews. Plus, nation-state threat actors will definitely try to recruit disgruntled employees.
Tariffs on Canada and Mexico announced by US President Donald Trump early this week have already been delayed, softening the attack on American neighbors.
Maybe Trump really doesn’t understand that tariffs are not paid by countries, but importers – US companies that buy products from businesses in the targeted markets. Maybe it’s all a big show for ratings.
Either way, the air is already full of economic uncertainty. The latest monthly job cuts report from Challenger, Gray & Christmas said that US-based employers cut more jobs last month than any February since 2009.
According to James Turgal, VP of global cyber risk and board relations at Optiv, a cybersecurity firm, people can definitely lose their jobs due to tariffs because they drive up costs for businesses – and this is also a cybersecurity risk.
“Nation-state threat actors have increasingly turned to social media and online platforms to identify and recruit disgruntled employees, exploiting workplace dissatisfaction to gain insider access to corporate networks and sensitive data,” Turgal, an FBI veteran of 22 years, told Cybernews.
Economic uncertainty is a cybersec risk
Employees who have been laid off or fired make prime targets for cybercriminals, Turgal pointed out.
First, people in difficult life circumstances are simply more vulnerable to phishing and other social engineering attacks designed to trick them into giving away their credentials – often because they can be desperate for good news or job opportunities.
Besides, cybersecurity budgets are often among the first to be cut during economic downturns. This financial strain can lead to smaller security teams due to layoffs or hiring freezes as well as reduced investment in security tools and infrastructure.
“Cybercriminals – particularly nation-state actors from China, Russia, and Iran – actively exploit economic instability, targeting businesses that scale back their security defenses,” Turgal told Cybernews.
Tariffs may also force companies to rapidly pivot to new, untested suppliers, potentially introducing cybersecurity vulnerabilities.
Less reputable manufacturers may have weaker security protocols, increasing the risk of supply chain attacks, hardware backdoors, and compromised software.
Adversarial nations could take advantage of these shifts, embedding malicious components into alternative supply chains to exploit weakened security oversight.
Disgruntled workers become targets
Additionally, with mass reductions in force, IT teams can be stretched thin, and shutting down employee access can get moved to the back burner.
“This means individuals could end up working for other organizations while still having credentials to log into their previous company’s systems,” said Turgal.
Naturally, with the jobs market in chaos and many blaming the federal government, workplace dissatisfaction levels are rising. And disgruntled workers are among the most profound cybersecurity threats to their ex-employers, Turgal pointed out.
These same nation-state actors from China, Russia, and Iran have increasingly turned to social media and online platforms as tools for espionage and cyber infiltration. They are designing and using AI algorithms to search these platforms for disgruntled employees and targets to groom.
"Individuals could end up working for other organizations while still having credentials to log into their previous company’s systems,"
James Turgal
Once a potential target is identified, state-sponsored cybercriminals initiate contact under the guise of sympathizers or even offer financial incentives to encourage retaliation through cyber means.
By exploiting these grievances, the threat actors obtain login credentials or privileged access, enabling them to infiltrate corporate networks, exfiltrate sensitive data, or even deploy disruptive cyberattacks.
“The fear and economic uncertainty created by mass firings and reductions will increase the number of American employees willing to work with and for these cyber threat actors, whether it is by providing intelligence about the company’s IT ecosystem or going as far as working for the threat actors and launching the malware,” Turgal told Cybernews.
Optiv’s advice for organizations is to be extra vigilant, especially in times of major change. They should, for example, shut down access as soon as an employee leaves a company, and closely monitor privileged users, such as system administrators, for any anomalous behavior or attempts to circumvent security controls.
Your email address will not be published. Required fields are markedmarked