When Logging In Becomes the New Breaking In

Simon Carver

Welcome to the show. I want to start with one number: 97%. That’s the share of identity-based attacks now relying on stolen or misused credentials rather than some dramatic technical breach. Which means, for a lot of people at work, the door isn’t being kicked in anymore... it’s being opened with the right key. I’m Simon Carver, I’m here with my co-host, Lachlan Reed. ... Before we get into today’s conversation, I want to take a moment to introduce someone new to The Human Workforce—and I’ll say this plainly, this is a voice you’re going to want to pay attention to.”“Joining us today is Jack Burns.”“Jack brings a very different kind of presence to the discussion. He’s not here for noise, and he’s certainly not here for headlines. His background is rooted in precision—both intellectually and physically—which shows up immediately in how he thinks, how he listens, and how he speaks.”“He’s a physics-trained mind, someone who understands systems from first principles, not surface-level narratives. He’s also spent years developing discipline outside of theory—he’s an expert marksman and a black belt in Jiu-Jitsu—so when he talks about control, pressure, and decision-making, it’s not abstract. It’s lived.”“But what sets Jack apart isn’t just capability—it’s composure.”“He doesn’t rush to conclusions. He doesn’t react for effect. He deconstructs ideas carefully, exposes weak assumptions, and rebuilds them into something clearer… something more honest.”“You’ll notice quickly—he doesn’t try to dominate a conversation. He stabilizes it. Slows it down just enough to reveal what actually matters.”“And in a world that’s increasingly driven by hype, speed, and surface-level thinking… that kind of voice isn’t just valuable—it’s necessary.”“Jack, welcome to The Human Workforce.”

Jack Burns

Thank you, Simon. It’s good to be here. And that 97% figure matters because it tells us something structural. Most systems do not fail at the point people expect. They fail where assumption replaces observation. My approach, generally, is to reduce a problem to first principles: what is actually happening, what merely appears to be happening, and which beliefs inside the system have gone untested for too long.

Simon Carver

“Assumption replaces observation” — that’s the line, isn’t it? Because I think most people still picture espionage as trench coat stuff, state secrets, maybe a briefcase handoff in a parking garage. And what you’re saying is, no, the modern version may look completely ordinary from the inside.

Jack Burns

Exactly. Espionage did not disappear. It industrialized. What was once rare, highly targeted, and physical is now persistent, scalable, and digital. And it is no longer confined to governments. Companies are targets. Employees are targets. Small firms are targets. The objective has shifted from stealing secrets for abstract power to acquiring information for concrete advantage.

Lachlan Reed

Yeah, and that’s the bit that lands, hey. “Information for advantage” sounds tidy, but in plain English it’s this: if your team spends five years building a product, or a process, or some weird little edge nobody else has figured out, someone else doesn’t need the five years. They just need ACCESS. It’s like leaving the ute unlocked and acting shocked when the tools are gone. Not cinematic -- just costly.

Simon Carver

The “ute unlocked” version of industrial espionage is uncomfortably clear.

Jack Burns

And access, increasingly, is not gained by breaking in. It is gained by logging in. That distinction changes how we think about risk. If the credential is valid, the system often interprets the activity as normal. So the intrusion is not registered as violence. It is registered as routine.

Lachlan Reed

Wait -- “logging in” is the thing I think people will remember. Because that means the threat can look exactly like Karen from finance, or your ops lead, or you on a Tuesday before coffee. No smashed windows. No alarms. Just... normal work. That’s slippery as a fish on a jetty.

Jack Burns

Yes. And once you understand that, the conversation changes. Security is no longer only about perimeter defense. It becomes a question of identity, behavior, and verification. Who is this person, really? Why are they requesting this? Does the action fit the context? Those are human questions as much as technical ones.

Simon Carver

Which is why you felt like the right person to bring in here. This podcast spends a lot of time on work as a human system -- trust, pressure, judgment, the small choices people make when they’re tired or rushed or trying to be helpful. And this topic sits right in that mess. It isn’t just cybersecurity. It’s how people behave inside uncertainty.

Jack Burns

That is precisely why it matters to me as a guest host. When people hear “security,” they often imagine software, hardware, controls, protocols. Those matter. But the deeper question is human interpretation under pressure. People trust authority. They respond to familiarity. They act quickly when urgency is manufactured around them. Modern attacks are designed to exploit those patterns, not bypass them.

Lachlan Reed

And that makes it feel close to home, doesn’t it? Because now we’re not talking about some shadowy thing happening in Langley or wherever. We’re talking about your boss getting impersonated. Your team getting nudged. Your company getting peeled open one believable message at a time. Even a kangaroo could trip over that one if they’re moving too fast.

Simon Carver

So let’s make the present-tense case for this. Why NOW? Why does this deserve airtime on a show about the human workforce?

Jack Burns

Because the pace has changed. AI compresses time. Tasks that once required days or weeks -- researching targets, mapping relationships inside an organization, crafting persuasive communication, identifying likely points of weakness -- can now be done in hours, sometimes minutes. The threat is not merely larger. It is faster, cheaper, and more adaptive.

Lachlan Reed

“Hours or minutes” is the scary bit for me. Because old-school phishing was usually a bit crook -- bad spelling, weird vibes, looked like it was written by a toaster. But if AI can chew through public data and spit out something that sounds exactly like your manager, your client, your mate from procurement... that’s a different beast.

Jack Burns

Correct. It is no longer generic. It is personalized. AI can analyze public information, determine who matters within a company, and generate communication that appears indistinguishable from someone trusted. That means the attack surface is no longer just the device or the network. It is the relationship.

Simon Carver

“The relationship” -- I’m glad you said it that way. Because walls and passwords at least feel concrete. A relationship feels... human, messy, emotional. And that connects to another number from the research: 85% of espionage cases involve insiders, whether intentional or accidental. Eighty-five. So the weak point isn’t some abstract machine. It’s a person inside the flow of work.

Jack Burns

Yes. And we should be careful there. “Insider” does not mean villain by default. It often means ordinary employee under ordinary pressure making an extraordinary mistake. The person is tired. The request looks legitimate. The timing feels urgent. The behavior is understandable. That is why simplistic narratives about carelessness are usually wrong.

Lachlan Reed

Right, because if we just say, “Ah well, people are careless,” we learn nothing. That’s a cop-out. It’s like blaming a bike for skidding when the road’s covered in oil. The more useful question is: what conditions made the slip likely?

Jack Burns

Exactly. And those conditions are worsening. Consider deepfakes. There are documented cases in which employees transferred millions of dollars after joining video calls where every participant was artificially generated. From their perspective, the signals all aligned. Familiar faces. Familiar voices. Familiar authority. Their senses confirmed the lie.

Simon Carver

Wait -- “every participant” was generated? Not just one fake executive, but the WHOLE call? That’s the detail that sticks. Because we grew up with “trust what you see,” and now even a live video meeting can be theatre.

Lachlan Reed

Yeah. That old rule’s cooked. “Trust what you see” used to be decent advice. Now it can get you cleaned out. And when you add the economic side -- 1% to 3% of U.S. GDP lost annually to economic espionage -- that’s not just nerdy security chat. That’s jobs, businesses, and trust getting smashed to bits.

Jack Burns

And that is why I describe this as a silent battlefield. Not because it is dramatic, but because it is subtle. Organizations are being shaped by pressures they often cannot see clearly. Leadership reacts to unexplained losses. Trust erodes. Decisions become more defensive, sometimes more irrational. The external threat becomes an internal distortion.

Simon Carver

So the real tension here isn’t “technology bad, humans good.” It’s that the more convincing the signal becomes, the more important judgment becomes. And judgment, inconveniently, is slow.

Jack Burns

Precisely. The answer for organizations is not panic. It is disciplined adaptation: models such as Zero Trust, stronger behavioral awareness, defensive use of AI, and cultures that reward verification rather than speed alone. For individuals, the principle is even simpler. Slow down. Question assumptions. Verify before you trust. The most dangerous thing in this environment is confidence without validation.

Lachlan Reed

That’s a good place to start, honestly. Not paranoia. Not doom. Just a bit more ballast in the boat. Take the extra beat. Check the voice. Check the request. Check the context. Because the quiet stuff -- the stuff that feels normal -- might be where the whole game is now.

Simon Carver

And maybe that’s the unsettling part worth sitting with: if work has become a battlefield, it doesn’t always announce itself as conflict. Sometimes it arrives as a familiar face asking for something small. Jack Burns, glad you’re here.

Jack Burns

Thank you. The reality is less dramatic than people imagine... and that is exactly what makes it more dangerous.