The recent leak of sensitive US military operations via the Signal messaging platform, triggered by the accidental inclusion of a journalist in a group chat, underscores a fundamental and often overlooked vulnerability in many organisations: people. Specifically, individuals who operate within or adjacent to an organisation but fall outside standard onboarding and training processes.
This is particularly true in the public sector, where you find a wide array of individuals with high-level access to sensitive information: MPs, local authority figures, trustees, and central government officials, who are often not treated as traditional employees. As a result, they are frequently excluded from formal onboarding and awareness programs. Another at-risk group includes temporary workers, contractors, and interns, who may have legitimate access but limited information security education.
It’s easy to say that those in positions of power, such as a secretaries of state, should “know better.“ But that assumes they’ve had any foundational information security training in the first place. Politicians, after all, are not cyber security experts; they are public figures who have…
