When Hackers Offer a Fortune: BBC’s MFA Bribery Wake-Up Call for UK Small Businesses

Hackers are now targeting people, not just systems - offering bribes to bypass security. UK SMEs must strengthen both culture and technology to stay protected.

The Hacker News Story That Should Worry Every SME Leader

The BBC recently revealed that hackers attempted to bribe employees to bypass Multi-Factor Authentication (MFA), offering vast sums to insiders willing to compromise company security. It’s a story fit for Hacker News headlines, but the implications go far deeper for UK small businesses.

This case highlights an uncomfortable truth: as technology defences like MFA improve, cybercriminals are pivoting. Instead of attacking systems, they’re attacking people, through bribery, corruption, and social engineering. For SMEs in sectors like accountancy, legal, and finance, where client trust is everything, this insider threat could be catastrophic.

 

BBC Bribery Attempt: A New Age of Insider Risk

▪️Insider risk is real: Reports of hackers offering six-figure bribes show that criminals understand staff are often the weakest link.

▪️Financial pressure is fuelling corruption: In the current cost-of-living crisis, a £250,000 offer to “just approve a request” could be life-changing for some employees.

▪️High-trust sectors are prime targets: Businesses that handle sensitive client data face reputational damage as well as financial loss if even one staff member is compromised.

This isn’t just a big-business issue. With SMEs accounting for 99% of the UK economy, hackers know that smaller firms often have weaker safeguards and less formal training in place.

 

The Human Factor: Why Culture Is Security

Research shows that over 60% of UK breaches in 2025 involved the human element, with insider-driven incidents up by 32% year-on-year. Technology alone isn’t enough; the real defence is cultural.

To reduce risk:

✔️Normalise scepticism: Encourage staff to question unusual requests.

✔️Empower reporting: Make it easy and safe to report suspicious approaches.

✔️Reinforce values: Link cybersecurity to trust, ethics, and professional standards.

As one ITbuilder client, David Suckling of DSCO, explained:

“We’re trusted advisers to our clients. We needed an IT partner who was a trusted adviser to us. You can’t trust all IT companies, but we can trust ITbuilder”.

 

Technology Has Limits, But People Don’t Have To Be the Weak Link

Even strong MFA isn’t bulletproof. In 2025, 73% of business email compromise cases involved MFA bypass, often via “adversary-in-the-middle” phishing that steals session cookies.

That’s why managed security isn’t just about tools, it’s about blending technology, training, and culture.

How ITbuilder helps UK SMEs build resilience:

🔸24/7 monitoring and MDR (Managed Detection & Response): Continuous threat surveillance across cloud and on-premise systems.

🔸User awareness and phishing simulations: Practical training to help staff spot and stop attacks.

🔸Compliance alignment: Meeting standards like Cyber Essentials, ISO 27001, and PCI DSS.

🔸Real-time response playbooks: Action plans that remove fear and uncertainty when attacks happen.

 

Smart Systems: Blocking Suspicious Access Automatically

What if someone did say yes to a bribe? With ITbuilder’s managed security, even a compromised MFA doesn’t mean an open door.

The system analyses location, device, and behaviour. If a login occurs from Moscow at 3am, or if the “digital journey” is impossible, access is instantly blocked and admins alerted.

This layered approach ensures peace of mind for decision-makers: even if employees make mistakes, the system is ready to catch and contain the fallout.
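The location, device and behaviour checks described above can be sketched as follows. This is an added example, not ITbuilder's system or code from the original article: the `SignIn` fields, the 900 km/h ceiling, the working-hours window and the extra `step_up` decision are all assumptions, and the sign-in events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime as dt
from math import asin, cos, radians, sin, sqrt
MAX_KMH = 900.0            # assumed ceiling, roughly airliner cruising speed
WORK_HOURS = range(7, 20)  # assumed normal sign-in hours for this firm (UTC)

@dataclass
class SignIn:
    user: str
    when: dt
    lat: float
    lon: float
    device: str

def km_between(a, b):
    """Great-circle (haversine) distance in km between two sign-ins."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(events):
    """Return (decision, reason) per sign-in, processed in time order."""
    last, devices, out = {}, {}, []
    for e in sorted(events, key=lambda x: x.when):
        prev, seen = last.get(e.user), devices.setdefault(e.user, set())
        decision, reason = "allow", "consistent with history"
        if prev is not None:
            hours, dist = (e.when - prev.when).total_seconds() / 3600, km_between(prev, e)
            speed = dist / hours if hours > 0 else (float("inf") if dist > 1 else 0.0)
            if speed > MAX_KMH:
                decision, reason = "block", f"impossible travel: {dist:.0f} km in {hours:.1f} h"
        if decision == "allow" and seen and e.device not in seen and e.when.hour not in WORK_HOURS:
            decision, reason = "step_up", "new device outside normal hours"
        if decision != "block":  # a blocked sign-in never becomes trusted history
            last[e.user] = e
            seen.add(e.device)
        out.append((decision, reason))
    return out

LONDON, MOSCOW = (51.5074, -0.1278), (55.7558, 37.6173)
SAMPLE = [  # constructed sign-in events in time order, not real log data
    SignIn("alice", dt(2025, 3, 3, 9, 0), *LONDON, "laptop-a"),
    SignIn("alice", dt(2025, 3, 3, 9, 40), *MOSCOW, "phone-x"),
    SignIn("bob", dt(2025, 3, 3, 16, 0), *LONDON, "laptop-b"),
    SignIn("alice", dt(2025, 3, 3, 17, 0), *LONDON, "laptop-a"),
    SignIn("bob", dt(2025, 3, 4, 3, 0), *MOSCOW, "phone-y"),
]
for event, (decision, reason) in zip(SAMPLE, evaluate(SAMPLE)):
    print(event.user, event.when, decision, reason)
```

The second sign-in is blocked because London to Moscow in 40 minutes is not physically possible, while the 3am sign-in is plausible travel and is caught only by the new-device and out-of-hours check.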

 

Lessons From the Accountancy Sector: Culture + Technology = Growth

Accountancy firm DSCO partnered with ITbuilder to overhaul their IT systems. The result?

✔️300% increase in productivity

✔️Seamless remote working before COVID-19

✔️Reduced downtime and improved client service


Technology enabled growth, but culture sealed the deal: DSCO’s people embraced the change, supported by ITbuilder’s collaborative, plain-English approach.

For SMEs, this is the key lesson: the right mix of security technology and staff buy-in doesn’t just protect against bribes and breaches, it fuels growth.

 

Would You Accept £250,000 for a Quick “Yes”?

This is the uncomfortable scenario every SME leader must consider. If even one staff member would hesitate before reporting such an offer, your defences are weaker than you think.

Why not run a quick test? Ask your team:

▪️What would you do if you received such an offer?

▪️Would you know how to report it safely?

▪️Do you feel confident that management would back you for speaking up?

 

Conclusion: Trust ITbuilder, Turn Your People Into Your Best Defence

Cybersecurity in 2025 is no longer just about firewalls and anti-virus. It’s about defending against corruption, bribery, and human vulnerability.

With ITbuilder’s Managed Detection & Response, user training, and compliance-first approach, UK small businesses can:

🔸Protect against insider risk and sophisticated attacks

🔸Increase productivity by freeing staff from downtime and uncertainty

🔸Certify compliance and demonstrate trust to clients

 

Final Word

👉 Let’s make your people your sharpest defenders, not your weakest link.

☎️ Book your free user-awareness session or complete our Cyber Readiness Assessment

📩 Get in touch or email us at info@itbuilder.co.uk

 



James Naylor

James Naylor is ITbuilder's Managing Director and Founder. He has worked in technology since the early nineties and, after a decade in the corporate world, went into business himself.

James has led ITbuilder for over two decades, building the business into the force that it is today, but is still a technician at heart and still very hands-on with tech.

Despite growing up in Hertfordshire, James lived in the Netherlands for five years as well as London, before returning and setting up the base in Hertford, where he lives today.

