Cybersecurity concerns of the “Great Resignation”

One of the unexpected side-effects of the COVID pandemic has been that people are increasingly quitting their jobs. And it does impact cybersecurity.

Today’s reality is that organizations are globally facing the biggest talent crisis since the 2008 recession.  It seems that people are no longer competing for jobs but companies are competing for people.

According to a Microsoft survey, 41% of the global workforce is considering resigning from their current roles. A survey by Monster shows that 95% of workers are considering a job change. A UK and Ireland survey found that 38% of employees were planning to leave their jobs in the next six months to a year.

The African workforce is following suit. About 76% of surveyed people say that they would move from their current jobs, compared to 55% globally. Approximately 59% of South Africans are willing to move to another country for work.

The survey by Boston Consulting Group (BCG) found that 73% of employees working in digital fields globally are expecting to leave their current role in the next two to three years, and as many as 40% are actively job-hunting – putting them at the forefront of the emerging ‘great resignation’ trend.

The “great resignation” is a phenomenon that describes the record numbers of people leaving their jobs as the COVID pandemic begins to diminish. The trend was initially reported in the US and Europe as the extended lockdown gave employees time to re-evaluate their careers and leave their jobs in record numbers.

Exacerbated by unfavourable economic conditions and some security concerns, the situation in South Africa is not much different from the rest of the “great resignation” world.

Cybersecurity implications

One of the driving forces of the “great resignation” is people’s sense of resentment in the workplace. Darktrace suggests that this increases the risk of employees acting maliciously against their employer:

“With the ‘Great Resignation’ of employees during the pandemic, we can expect to see disgruntled employees steal information or some of the employees, unintentionally, taking information with them to their next job. We have also seen criminal groups attempt to recruit insiders by offering a large sum of money or a portion of the ransom”.

The same source added that “with more organizations relying on cloud communication and collaboration applications, these threats become even more difficult to detect across sprawling digital infrastructures. With employees working remotely, enforcing the return of equipment and data will become even more difficult.”

Kaspersky’s cyber security predictions for 2022 warned that advanced persistent threats (APTs) are often linked with insider threats or unwitting insider jobs. These are stealth attacks typically performed by nation-states or state-sponsored groups. The Kaspersky APT forecasts also caution about an increase in attacks targeting mobile devices:

“Mobile devices have always been titbits for attackers, with smartphones travelling along with their owners everywhere, and each potential target acting as storage for a huge amount of valuable information”.

Moreover, iOS users need to be especially careful as there is a significant increase in attacks targeting the iOS platform.  This trend is expected to continue in 2022 and beyond.

On the cybersecurity professionals’ side, the situation is not much different. We are witnessing cybersecurity professionals burning out and getting frustrated:

“Quite frankly, security teams are exhausted. It’s been two years of trying to cope with all the incidents while dealing with mental anxieties from the virus. Of course, people are thinking about quitting,” said one CISO at a publicly-traded financial services firm who requested anonymity to speak freely about frustrations in his program.

So the “great resignation” is affecting cybersecurity in many ways, as threats can come from disgruntled employees, unaware and careless personnel, but also from burnt-out cybersecurity professionals.

Protecting against insider threats

Preventing insider threats can be a complex endeavour, but it can also be as modest as requiring employees to adhere to the cybersecurity policies and providing training that enables them to distinguish between normal and suspicious user activity.

In this regard, with the right insider threat prevention strategy, policies, procedures and tools in place, organisations stand a far greater chance of averting these threats and keeping corporate information assets safe and secure.

Introducing strong access rules, policies for least privilege and the separation of duties are the essentials of an insider threat programme. Also, the utilisation of user behaviour monitoring is indispensable for the early detection of intentional or accidental insider threats.

Having these safeguards in place will help organisations not just detect insider threats in a timely manner, but also classify the threats, assess the damage and launch an appropriate response.

Human links are still considered the weakest in the cybersecurity chain. Hence, it is no wonder that cybersecurity professionals are increasingly turning to the automated enforcement of security policies. However, there is a word of caution not to over-rely on policy and automated enforcement when it comes to protecting against the insider threat.

Detecting and preventing insider threats are not trivial tasks. However, understanding that there is a possibility of such an attack is the first step in a successful defence.

From the technical side, it is worth noting that the most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy Intrusion Detection and Prevention Solutions (IDPS), log management and the Security Information and Event Management (SIEM) platforms.
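As an added illustration of the user behaviour monitoring and log management described above (not code from the original article), this Python example baselines each user's daily download volume from a cloud file-sharing audit log and raises the severity when the user appears in an HR leaver feed. The audit records, the leaver list, the record layout and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000

def _days(user, volumes_mb):
    # Build constructed records: (user, ISO day, bytes downloaded).
    return [(user, f"2022-03-{d:02d}", v * MB) for d, v in enumerate(volumes_mb, 1)]

# Constructed sample audit data, not taken from any real system.
EVENTS = (
    _days("alice", [110, 95, 130, 120, 105, 115, 100, 2400])      # sudden bulk download
    + _days("bob", [900, 1100, 950, 1000, 1050, 980, 1020, 1150])  # heavy but steady user
    + _days("carol", [40, 55, 45, 50, 60, 48, 52, 700])            # spike, not a leaver
)
LEAVERS = {"alice"}  # constructed HR feed: users who have given notice

def flag_anomalies(events, leavers, k=6.0, min_history=5, floor=50 * MB):
    """Flag days on which a user exceeds their own download baseline.

    The baseline is the median of the user's earlier days; the allowed spread
    is k times the median absolute deviation (MAD), with a fixed floor so that
    very regular users do not alert on tiny changes.
    """
    history = defaultdict(list)
    alerts = []
    for user, day, nbytes in sorted(events, key=lambda e: (e[0], e[1])):
        past = history[user]
        if len(past) >= min_history:
            med = median(past)
            mad = median(abs(x - med) for x in past)
            if nbytes > med + max(k * mad, floor):
                # Same anomaly, higher priority when HR says the user is leaving.
                severity = "high" if user in leavers else "medium"
                ratio = round(nbytes / med, 1) if med else None
                alerts.append((user, day, severity, ratio))
        past.append(nbytes)  # today's volume only joins the baseline afterwards
    return alerts

if __name__ == "__main__":
    for user, day, severity, ratio in flag_anomalies(EVENTS, LEAVERS):
        print(f"{day} {user}: {severity} severity, {ratio}x personal median")
```

Comparing each user against their own history is what keeps the steady heavy user quiet while the two spikes alert; in practice the same rule would run as a scheduled query in the SIEM, fed by the log management pipeline.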
