Don’t Let the Great Resignation Become an Insider Threat

The Great Resignation has had a major impact on cybersecurity in multiple ways, including increasing the risk of insider threats.

In a profession that already suffers from a talent gap, many organizations are seeing members of their security team decide to leave, sometimes for better pay and sometimes because they’ve had enough of the stress and frustration.

Overworked employees suffering from burnout are getting lazier about their security practices, according to a 1Password study. Eight in ten workers say they are exhausted and of those workers, one in five admit that following security practices isn’t worth the extra hassle. In fact, the report goes on to say, “Burnout, the Great Resignation and security habits are all connected. Employees who are ready to resign are more likely to feel that convenience is more important than security at work.”

And that attitude leads to the other cybersecurity concern caused by the Great Resignation—employees who care so little about their job that they become an insider threat.

“The Great Resignation does pose a cybersecurity risk for companies,” said Timur Kovalev, chief technology officer at Untangle, in an email interview. “The very nature of employees walking out indicates they aren’t happy with the employer, pay, work or colleagues. Disgruntled employees might seek revenge on the company that they perceived as having wronged them, or an undervalued worker might feel a sense of entitlement and sabotage the company.”

The Disgruntled Insider Risk

An unhappy worker has the same access to sensitive information as they did when they were a more satisfied employee. With the authorization to extract data or create backdoors into the systems, nothing is safe, Kovalev pointed out. The lackadaisical approach to security as a result of burnout already creates a higher level of risk, but if there is animosity against the company, that disgruntled employee may also be tempted to commit corporate espionage or sabotage.

Disgruntled employees aren’t just acting out because they are frustrated with the amount of work they are shouldering. They could be motivated by revenge or personal financial gain to commit IT sabotage, data theft or insider fraud.

“If data is cash, enterprise applications are the equivalent bank vault which employees often exploit as they are leaving an organization,” said Kevin Dunne, president at Pathlock, in an email comment. “Monitoring what users are doing with their access from the point of their resignation to their departure is key to unearthing risky behavior.” This includes monitoring behavioral patterns, particularly unusual downloads or out-of-the-ordinary login behavior.

Decreasing the Insider Threat

According to Untangle’s 2021 SMB IT Security Report, “lack of manpower” was named one of the top three barriers to network security for small and medium businesses. As more employees join the Great Resignation, the risks to which your organization is exposed will increase, and they persist after employees depart.

Companies should invest more in security solutions that prevent bad actors, including those on the inside, from gaining unauthorized access to networks and data. Fewer skilled information security workers, though, means there will be a shortage of employees able to manage these solutions.

Automation is the best remedy for this situation. Artificial intelligence (AI) and machine learning (ML) tools that monitor user behavior can flag anomalies that can signal insider risk. Repeated poor security habits can also indicate unhappy employees who may have mentally checked out of their job or are in the midst of a new job search. Burnout and boredom can ebb and flow, but if the behaviors are habitual, limiting account access can help prevent a disgruntled insider, or someone on the cusp of joining the Great Resignation, from doing too much damage.

And, should the employee quit, processes should be in place to immediately disable their accounts and block all access to the network.

“An insider may have the ability to impact the confidentiality, integrity or availability of the company’s systems, networks or data,” said Kovalev. “While companies may invest in keeping malicious attacks out, solutions designed solely to prevent outside attacks cannot combat the risks coming from within the organization.”


Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.
